View all vulnerabilities

CVE-2022-25857

Uncontrolled Resource Consumption in snakeyaml

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
org.yaml:snakeyaml < 1.31
Severity
High
Ecosystem
Publish Date
August 30, 2022
Modified Date
March 15, 2024