CVE-2022-25857

Uncontrolled Resource Consumption in snakeyaml

Description

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Java

Publish Date

August 30, 2022

Modified Date

March 15, 2024

Score Vector

Affected Versions