Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
snakeyaml project snakeyaml vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content ...
Snakeyaml Project Snakeyaml
11 Github repositories
1 Article
6.5
CVSSv3
CVE-2022-41854
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
Snakeyaml Project Snakeyaml
Fedoraproject Fedora 36
Fedoraproject Fedora 37
2 Github repositories
6.5
CVSSv3
CVE-2022-38752
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Snakeyaml Project Snakeyaml
2 Github repositories
6.5
CVSSv3
CVE-2022-38749
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2022-38750
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2022-38751
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-25857
The package org.yaml:snakeyaml from 0 and prior to 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2021-21249
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`)...
Onedev Project Onedev
7.5
CVSSv3
CVE-2017-18640
The Alias feature in SnakeYAML prior to 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Snakeyaml Project Snakeyaml
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Quarkus Quarkus
Oracle Peoplesoft Enterprise Pt Peopletools 8.56
Oracle Peoplesoft Enterprise Pt Peopletools 8.57
Oracle Peoplesoft Enterprise Pt Peopletools 8.58
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started