Snakeyaml
Monthly
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.