snakeyaml is vulnerable to Denial of Service (DoS). The vulnerability exists because the Composer function of Composer.java does not properly limit the nesting depth of collections, allowing an attacker to crash the application.
bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174
bitbucket.org/snakeyaml/snakeyaml/issues/525
github.com/advisories/GHSA-3mc7-4q67-w48m
github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
lists.debian.org/debian-lts-announce/2022/10/msg00001.html
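
The check below is an added example, not code from the SnakeYAML project or this advisory: it configures an explicit nesting-depth limit and confirms the parser rejects a document that exceeds it. It assumes a SnakeYAML release that contains the linked fix and exposes LoaderOptions.setNestingDepthLimit, and Java 11 or later; the class name, helper names and MAX_DEPTH value are hypothetical.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;

public class NestingLimitCheck {

    // Hypothetical application policy: legitimate documents never nest deeper than this.
    static final int MAX_DEPTH = 20;

    // Build a parser whose Composer refuses collections nested beyond maxDepth.
    static Yaml boundedYaml(int maxDepth) {
        LoaderOptions options = new LoaderOptions();
        options.setNestingDepthLimit(maxDepth);
        return new Yaml(options);
    }

    // Returns true if the document loads, false if the parser rejected it.
    static boolean loads(Yaml yaml, String document) {
        try {
            yaml.load(document);
            return true;
        } catch (YAMLException e) {
            // Log the rejection instead of letting it take down the request thread.
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    // Constructed sample input: a flow sequence nested `depth` levels deep.
    static String nestedSequence(int depth) {
        return "[".repeat(depth) + "]".repeat(depth);
    }

    public static void main(String[] args) {
        Yaml yaml = boundedYaml(MAX_DEPTH);
        // Within the limit: expected to load.
        System.out.println("depth 5 loads:  " + loads(yaml, nestedSequence(5)));
        // Beyond the limit: expected to be rejected with a YAMLException.
        System.out.println("depth 40 loads: " + loads(yaml, nestedSequence(40)));
    }
}
```

Running the same check in a build pipeline shows whether the SnakeYAML version actually on the classpath enforces the limit.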