Lucene search
Veracode Vulnerability DatabaseVERACODE:36857HistoryAug 31, 2022 - 2:31 a.m.
Denial Of Service (DoS)
2022-08-3102:31:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
snakeyaml vulnerability dos composer function limitations application crash
EPSS
0.002
Percentile
55.6%
snakeyaml is vulnerable to Denial Of Service (DoS). The vulnerability exists because the Composer function of Composer.java does not properly restrict the nested depth limitation for collections, allowing an attacker to crash the application.
References
bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174
bitbucket.org/snakeyaml/snakeyaml/issues/525
github.com/advisories/GHSA-3mc7-4q67-w48m
github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
lists.debian.org/debian-lts-announce/2022/10/msg00001.html
Related
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00
redhat
redhat
ibm
ibm
nvd
nvd
CVE-2022-25857
2022-08-30 05:15:07
cve
cve
CVE-2022-25857
2022-08-30 05:15:07
rocky
rocky
prometheus-jmx-exporter security update
2022-10-06 07:13:19
Satellite 6.13 Release
2023-05-05 15:39:58
ubuntucve
ubuntucve
CVE-2022-25857
2022-08-30 00:00:00
almalinux
almalinux
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
cvelist
cvelist
CVE-2022-25857 Denial of Service (DoS)
2022-08-30 05:05:11
osv
osv
CVE-2022-25857
2022-08-30 05:15:07
Moderate: prometheus-jmx-exporter security update
2022-10-06 07:13:19
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
debiancve
debiancve
CVE-2022-25857
2022-08-30 05:15:07
redhatcve
redhatcve
CVE-2022-25857
2022-09-14 12:44:14
nessus
nessus
Oracle Linux 8 : prometheus-jmx-exporter (ELSA-2022-6820)
2022-10-06 00:00:00
RHEL 8 : prometheus-jmx-exporter (RHSA-2022:6820)
2022-10-06 00:00:00
AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2022:6820)
2022-10-08 00:00:00
amazon
amazon
Important: snakeyaml
2023-03-02 22:35:00
prion
prion
Design/Logic Flaw
2022-08-30 05:15:00
rubygems
rubygems
github
github
Uncontrolled Resource Consumption in snakeyaml
2022-08-31 00:00:24
cbl_mariner
cbl_mariner
CVE-2022-25857 affecting package snakeyaml 1.25-2
2024-09-27 09:12:43
openvas
openvas
Fedora: Security Advisory for snakeyaml (FEDORA-2022-c01dd659fa)
2022-12-21 00:00:00
Fedora: Security Advisory for snakeyaml (FEDORA-2022-8a4e8aa190)
2022-12-21 00:00:00
Debian: Security Advisory (DLA-3132-1)
2022-10-05 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36
2022-12-21 01:18:24
[SECURITY] Fedora 37 Update: snakeyaml-1.32-1.fc37
2022-12-21 01:29:20
debian
debian
[SECURITY] [DLA 3132-1] snakeyaml security update
2022-10-02 22:06:40
ubuntu
ubuntu
SnakeYAML vulnerabilities
2023-03-10 00:00:00
suse
suse
Security update for snakeyaml (important)
2022-09-26 00:00:00
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00