GHSA-c4r9-r8fh-9vj2

Suggest an improvement
Source
https://github.com/advisories/GHSA-c4r9-r8fh-9vj2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c4r9-r8fh-9vj2
Aliases
Related
Published
2022-09-06T00:00:27Z
Modified
2024-03-15T12:49:34.373482Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

Database specific
{
    "nvd_published_at": "2022-09-05T10:15:00Z",
    "cwe_ids": [
        "CWE-121",
        "CWE-787"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:27:43Z"
}
References

Affected packages

Maven / org.yaml:snakeyaml

Package

Name
org.yaml:snakeyaml
View open source insights on deps.dev
Purl
pkg:maven/org.yaml/snakeyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.31

Affected versions

1.*

1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.30

Maven / be.cylab:snakeyaml

Package

Name
be.cylab:snakeyaml
View open source insights on deps.dev
Purl
pkg:maven/be.cylab/snakeyaml

Affected ranges

Affected versions

1.*

1.25.1

Maven / com.alipay.sofa.acts:acts-common-util

Package

Name
com.alipay.sofa.acts:acts-common-util
View open source insights on deps.dev
Purl
pkg:maven/com.alipay.sofa.acts/acts-common-util

Affected ranges

Affected versions

1.*

1.0.0

Maven / io.prometheus.jmx:jmx_prometheus_httpserver

Package

Name
io.prometheus.jmx:jmx_prometheus_httpserver
View open source insights on deps.dev
Purl
pkg:maven/io.prometheus.jmx/jmx_prometheus_httpserver

Affected ranges

Affected versions

0.*

0.17.0

Maven / io.prometheus.jmx:jmx_prometheus_httpserver_java6

Package

Name
io.prometheus.jmx:jmx_prometheus_httpserver_java6
View open source insights on deps.dev
Purl
pkg:maven/io.prometheus.jmx/jmx_prometheus_httpserver_java6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.18.0

Affected versions

0.*

0.17.0
0.17.1
0.17.2
0.18.0

Maven / org.testifyproject.external:external-snakeyaml

Package

Name
org.testifyproject.external:external-snakeyaml
View open source insights on deps.dev
Purl
pkg:maven/org.testifyproject.external/external-snakeyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.0.6

Affected versions

0.*

0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

1.*

1.0.0
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6

Maven / pl.droidsonroids.yaml:snakeyaml

Package

Name
pl.droidsonroids.yaml:snakeyaml
View open source insights on deps.dev
Purl
pkg:maven/pl.droidsonroids.yaml/snakeyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.18.2

Affected versions

1.*

1.18-android
1.18.1
1.18.2