CVE-2022-31691

🗓️ 04 Nov 2022 00:00:00Reported by vmwareType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 72 Views

Spring Tools 4 for Eclipse & VSCode extensions vulnerable to remote code execution via Snakeyaml librar

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-31691	17 Nov 202215:27	–	circl
CNNVD	Spring Tools 代码注入漏洞	4 Nov 202200:00	–	cnnvd
Cvelist	CVE-2022-31691	4 Nov 202200:00	–	cvelist
Tenable Nessus	Security Update for Microsoft Visual Studio Code Bosh Editor Extension (CVE-2022-31691)	30 Aug 202300:00	–	nessus
Tenable Nessus	Security Update for Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension (CVE-2022-31691)	30 Aug 202300:00	–	nessus
Tenable Nessus	Security Update for Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension (CVE-2022-31691)	30 Aug 202300:00	–	nessus
Tenable Nessus	Security Update for Microsoft Visual Studio Code Spring Boot Tools Extension (CVE-2022-31691)	30 Aug 202300:00	–	nessus
NVD	CVE-2022-31691	4 Nov 202219:15	–	nvd
OSV	CVE-2022-31691	4 Nov 202219:15	–	osv
Prion	Remote code execution	4 Nov 202219:15	–	prion

NVD

Node

vmware bosh_editorRange1.0.0–1.40.0

vmware cloudfoundry_manifest_yml_supportRange1.0.0–1.40.0

vmware concourse_ci_pipeline_editorRange1.0.0–1.40.0

vmware spring_boot_toolsRange1.0.0–1.40.0

vmware spring_toolsRange4.0.0–4.16.1eclipse

[
  {
    "vendor": "n/a",
    "product": "Spring by VMware",
    "versions": [
      {
        "version": "Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support.",
        "status": "affected"
      }
    ]
  }
]