VDB
CISA-2022-38752
CISA-2022-38752
PUBLISHED
CVSS 6.5 MEDIUM
Reported by Google · Published September 5, 2022
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| snakeyaml | SnakeYAML | unspecified |
| snakeyaml | SnakeYAML | unspecified, unspecified |
| snakeyaml_project | snakeyaml | 0, 0 |
Timeline
- Sep 5, 2022 CVE Published
- Aug 3, 2024 CVE Updated
- Apr 26, 2026 Security Advisory
References
- GLSA-202305-28 vendor-advisory