Skip to main content

Snakeyaml

7 CVEs product

Monthly

CVE-2022-1471 Maven CRITICAL POC PATCH THREAT Act Now

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Snakeyaml
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-41854 Maven MEDIUM POC PATCH This Month

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow Snakeyaml Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38752 Maven MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-38751 Maven MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38750 Maven MEDIUM POC PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-38749 Maven MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-25857 Maven HIGH POC PATCH This Week

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Snakeyaml Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
EPSS 100% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Snakeyaml
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Snakeyaml Debian Linux
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy