Page 2 of 8 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. El uso de snakeYAML para analizar archivos YAML no confiables puede ser vulnerable a ataques de Denegación de Servicio (DOS). Si el analizador es ejecutado en la entrada suministrada por el usuario, un atacante puede suministrar el contenido que hace que el analizador sea bloqueado por stackoverflow A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash. • https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027 https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html https://security.gentoo.org/glsa/202305-28 https://security.netapp.com/advisory/ntap-20240315-0010 https://access.redhat.com/security/cve/CVE-2022-38750 https://bugzilla.redhat.com/show_bug.cgi?id=2129707 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. El paquete org.yaml:snakeyaml versiones desde 0 y anteriores a 1.31, son vulnerables a una Denegación de Servicio (DoS) debido a una falta de limitación de profundidad anidada para las colecciones A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections. • https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174 https://bitbucket.org/snakeyaml/snakeyaml/issues/525 https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174 https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html https://security.netapp.com/advisory/ntap-20240315-0010 https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360 https://access.redhat.com/security/cve/CVE-2022-25857 https://bugzilla.redhat.com/show_bug.cgi?id=2126789 • CWE-400: Uncontrolled Resource Consumption CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 7.6EPSS: 1%CPEs: 7EXPL: 2

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. La función Alias en SnakeYAML antes de la versión 1.26 permite la expansión de entidades durante una operación de carga, un problema relacionado con CVE-2003-1564 • https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack https://bitbucket.org/snakeyaml/snakeyaml/issues/377 https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E https://lists.apach • CWE-122: Heap-based Buffer Overflow CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •