
625 matches found

OSV
added yesterday, 2 views

ROOT-APP-MAVEN-CVE-2022-1471 CVE-2022-1471 in io.root.org.yaml:snakeyaml - Patched by Root

Root has patched CVE-2022-1471 in the io.root.org.yaml:snakeyaml package for Root:Maven. Multiple fixed versions available...

CVSS 8.3 | AI score 7.1 | EPSS 0.93849
Exploits: 7

GithubExploit
added 2026/05/28 8:38 a.m., 178 views

osv-java-poc

OSV Scanner CVE Detection POC — Vulnerable Java App ⚠️ WA...

CVSS 10 | AI score 7.2 | EPSS 0.94428
Exploits: 463

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in snakeyaml

Those who use Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially allow for a Denial of...

CVSS 6.5 | AI score 6.8 | EPSS 0.00123
Exploits: 1 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in snakeyaml

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections...

CVSS 7.5 | AI score 7 | EPSS 0.0292
Exploits: 2 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

CVSS 6.5 | AI score 6.7 | EPSS 0.00533
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

CVSS 6.5 | AI score 6.9 | EPSS 0.003
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in snakeyaml

The Alias feature in SnakeYAML before version 1.26 allowed entity expansion during a load operation, which is a related issue to CVE-2003-1564...

CVSS 7.5 | AI score 6.8 | EPSS 0.02766
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

CVSS 6.5 | AI score 6.7 | EPSS 0.00693
Exploits: 1 | References: 1

Atlassian
added 2026/04/16 6:22 p.m., 17 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Confluence Data Center

This Confluence release includes updates to our org.yaml:snakeyaml dependency in response to CVE-2022-1471. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...

CVSS 9.8 | AI score 6.5 | EPSS 0.93849
Exploits: 7

NVD
added 2026/01/30 5:16 p.m., 2 views

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

CVSS 8.8 | EPSS 0.00068
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/30 5:2 p.m., 2 views

CVE-2026-1691 bolo-solo SnakeYAML BackupService.java importMarkdownsSync deserialization

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

CVSS 6.5 | AI score 5.4 | EPSS 0.00068
Exploits: 1 | References: 5

CVE
added 2026/01/30 5:2 p.m., 7 views

CVE-2026-1691

CVE-2026-1691 affects bolo-solo up to 2.6.4, specifically the function importMarkdownsSync in BackupService.java (SnakeYAML). The vulnerability enables deserialization via this pathway, with remote execution potential as stated. The exploit has been disclosed publicly. Connected sources provide v...

CVSS 8.8 | AI score 6.1 | EPSS 0.00068
Exploits: 1 | References: 5 | Affected Software: 1

ATTACKERKB
added 2026/01/30 5:2 p.m., 3 views

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

CVSS 6.5 | AI score 5.4 | EPSS 0.00068
Exploits: 1 | References: 5

Cvelist
added 2026/01/30 5:2 p.m., 18 views

CVE-2026-1691 bolo-solo SnakeYAML BackupService.java importMarkdownsSync deserialization

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

CVSS 6.5 | EPSS 0.00068
Exploits: 1 | References: 5

Positive Technologies
added 2026/01/30 12:0 a.m., 4 views

PT-2026-5427

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

CVSS 6.5 | AI score 6.1 | EPSS 0.00068
Exploits: 1 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-8.el8 (AXSA:2022-3880:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3880:02 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 7.4 | EPSS 0.0292
Exploits: 2 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-9.el8 (AXSA:2022-4526:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4526:04 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 Tenable has extracted the preceding description block directly from the MiracleLin...

CVSS 9.8 | AI score 7.6 | EPSS 0.93849
Exploits: 7 | References: 2

RedhatCVE
added 2026/01/09 10:46 a.m., 5 views

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

CVSS 9.8 | AI score 7.8 | EPSS 0.12808
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/09 12:11 a.m., 2 views

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

CVSS 9.8 | AI score 6.8 | EPSS 0.00117
Exploits: 1 | References: 1

EUVD
added 2025/12/08 6:30 p.m., 3 views

EUVD-2025-201789

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component allowing attackers to achieve RCE and take over the server...

AI score 6.4 | EPSS 0.00117
Exploits: 1 | References: 3