Lucene search

K
nvd[email protected]NVD:CVE-2022-25857
HistoryAug 30, 2022 - 5:15 a.m.

CVE-2022-25857

2022-08-3005:15:07
CWE-776
web.nvd.nist.gov
1
org.yaml:snakeyaml
package vulnerability
denial of service
dos
nested depth limitation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

55.6%

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

Affected configurations

NVD
Node
snakeyaml_projectsnakeyamlRange<1.31
Node
debiandebian_linuxMatch10.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

55.6%