The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. This package is bundled into Psych which is in turn bundled into jruby.
github.com/jruby/jruby/issues/7342