CVE-2022-25857

Опубликовано: 30 авг. 2022

Источник: debian

Описание

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
snakeyaml	fixed	1.31-1		package
snakeyaml	fixed	1.28-1+deb11u1	bullseye	package

Примечания

https://bitbucket.org/snakeyaml/snakeyaml/issues/525
https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

Связанные уязвимости

CVE-2022-25857

CVSS3: 7.5

ubuntu

почти 3 года назад

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVE-2022-25857

CVSS3: 7.5

redhat

почти 3 года назад

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVE-2022-25857

CVSS3: 7.5

nvd

почти 3 года назад

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

RLSA-2022:6820

rocky

почти 3 года назад

Moderate: prometheus-jmx-exporter security update

GHSA-3mc7-4q67-w48m

CVSS3: 7.5

github

почти 3 года назад

Uncontrolled Resource Consumption in snakeyaml