CVE-2022-25857

Опубликовано: 30 авг. 2022

Источник: debian

EPSS Низкий

Описание

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
snakeyaml	fixed	1.31-1		package
snakeyaml	fixed	1.28-1+deb11u1	bullseye	package

Примечания

https://bitbucket.org/snakeyaml/snakeyaml/issues/525
https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

EPSS

Процентиль: 57%

0.00348

Низкий

Связанные уязвимости

CVE-2022-25857

CVSS3: 7.5

ubuntu

больше 3 лет назад

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVE-2022-25857

CVSS3: 7.5

redhat

больше 3 лет назад

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVE-2022-25857

CVSS3: 7.5

nvd

больше 3 лет назад

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVE-2022-25857

CVSS3: 7.5

msrc

4 месяца назад

Denial of Service (DoS)

RLSA-2022:6820

rocky

больше 3 лет назад

Moderate: prometheus-jmx-exporter security update

EPSS

Процентиль: 57%

0.00348

Низкий