Denial of Service (DoS)
CVE-2022-25857

7.5HIGH

Key Information:

Vendor: Snakeyaml Project
Status: Org.yaml:snakeyaml
Vendor: CVE Published:; 30 August 2022

🔔 Create Snakeyaml Project Vulnerability Alert

What is CVE-2022-25857?

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Affected Version(s)

org.yaml:snakeyaml 0

org.yaml:snakeyaml < 1.31

References

https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

https://bitbucket.org/snakeyaml/snakeyaml/commits/fc30078...

https://github.com/snakeyaml/snakeyaml/commit/fc300780da2...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2022
Vulnerability Reserved
Feb 24, 2022

Credit

unknown

CVE-2022-25857 Data

JSON