Описание
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.31 (исключая)
cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00299
Низкий
7.5 High
CVSS3
Дефекты
CWE-776
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 3 года назад
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CVSS3: 7.5
redhat
почти 3 года назад
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CVSS3: 7.5
debian
почти 3 года назад
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ...
EPSS
Процентиль: 53%
0.00299
Низкий
7.5 High
CVSS3
Дефекты
CWE-776