.avif)
View all vulnerabilities
CVE-2022-25857
Uncontrolled Resource Consumption in snakeyaml
Description
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
org.yaml:snakeyaml < 1.31
Severity
High
High
High
Ecosystem
Java
Publish Date
August 30, 2022
Modified Date
March 15, 2024