org.yaml:snakeyaml@1.12 vulnerabilities
-
latest version
2.3
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
2 months ago
-
licenses detected
- [1.4,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.yaml:snakeyaml package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Arbitrary Code Execution in the The maintainers of the library contend that the application's trust would already have had to be compromised or established and therefore dispute the risk associated with this issue on the basis that there is a high bar for exploitation. How to fix Arbitrary Code Execution? Upgrade |
[0,2.0)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Stack-based Buffer Overflow when supplied with untrusted input, due to improper limitation for incoming data. How to fix Stack-based Buffer Overflow? Upgrade |
[,1.32)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Stack-based Buffer Overflow in How to fix Stack-based Buffer Overflow? Upgrade |
[,1.31)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing crafted untrusted YAML files, which can lead to a denial-of-service. How to fix Stack-based Buffer Overflow? Upgrade |
[,1.32)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing crafted untrusted YAML files, which can lead to a denial-of-service. How to fix Stack-based Buffer Overflow? Upgrade |
[,1.31)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. NOTE: This vulnerability has also been identified as: CVE-2022-25857 How to fix Denial of Service (DoS)? Upgrade |
[0,1.31)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. NOTE: This vulnerability has also been identified as: CVE-2022-38749 How to fix Denial of Service (DoS)? Upgrade |
[0,1.31)
|
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Denial of Service (DoS). The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. Note While the Maintainer acknowledges the existence of the issue, they believe it should be solved by sanitizing the How to fix Denial of Service (DoS)? Upgrade |
[,1.26)
|