Lucene search

31 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in snakeyaml

Those who use Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially allow for a Denial of...

CVSS 6.5, AI score 6.8, EPSS 0.00123
Exploits: 1, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in snakeyaml

The Alias feature in SnakeYAML before version 1.26 allowed entity expansion during a load operation, which is a related issue to CVE-2003-1564...

CVSS 7.5, AI score 6.8, EPSS 0.02766
Exploits: 1, References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-9.el8 (AXSA:2022-4526:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4526:04 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471). Tenable has extracted the preceding description block directly from the MiracleLin...

CVSS 9.8, AI score 7.6, EPSS 0.93849
Exploits: 7, References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-8.el8 (AXSA:2022-3880:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3880:02 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857). Tenable has extracted the preceding description block...

CVSS 7.5, AI score 7.4, EPSS 0.0292
Exploits: 2, References: 2
NVD
added 2025/12/08 5:16 p.m., 2 views

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

CVSS 9.8, EPSS 0.00117
Exploits: 1, References: 2
OSV
added 2025/12/08 5:16 p.m., 2 views

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

CVSS 8.8, AI score 6.8
Exploits: 0, References: 2
Positive Technologies
added 2025/12/08 12:0 a.m., 4 views

PT-2025-49569

Name of the Vulnerable Software and Affected Versions: HummerRisk versions through 1.5.0. Description: HummerRisk is affected by an issue stemming from a vulnerable Snakeyaml component, potentially allowing attackers to achieve Remote Code Execution (RCE) and gain control of the server. Recommendation...

CVSS 9.8, AI score 7.2, EPSS 0.00117
Exploits: 1, References: 6
CNNVD
added 2025/12/08 12:0 a.m., 4 views

HummerCloud HummerRisk security vulnerability

HummerCloud HummerRisk is an open source cloud-native security platform from China's HummerCloud, which solves security and governance issues in cloud-native environments in a non-intrusive way, with core capabilities including security governance for hybrid clouds and cloud-native security...

CVSS 9.8, AI score 7.8, EPSS 0.00117
Exploits: 1, References: 3
Cvelist
added 2025/12/08 12:0 a.m., 18 views

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

EPSS 0.00117
Exploits: 1, References: 2
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: prometheus-jmx-exporter (TSSA-2023:0146)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0146 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.3, AI score 6.7, EPSS 0.02766
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7446

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00123
Exploits: 1, References: 20
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-2088

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.008
Exploits: 0, References: 4
OSV
added 2025/03/27 4:1 p.m., 1 view

USN-7368-1 snakeyaml vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.02766
Exploits: 1, References: 2
Ubuntu
added 2025/03/27 4:1 p.m., 7 views

USN-7368-1: SnakeYAML vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

CVSS 7.5, AI score 7, EPSS 0.02766
Exploits: 1
OpenVAS
added 2025/03/25 12:0 a.m., 9 views

Ubuntu: Security Advisory (USN-7368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.5, EPSS 0.02766
Exploits: 1, References: 2
NVD
added 2024/03/07 5:15 a.m., 15 views

CVE-2024-28212

nGrinder before 3.5.9 uses an old version of SnakeYAML, which could allow a remote attacker to execute arbitrary code via unsafe deserialization...

CVSS 9.8, AI score 7.6, EPSS 0.07045
Exploits: 0, References: 1
PyPA
added 2023/11/20 9:15 a.m., 6 views

PYSEC-2023-240

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471. Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defines...

CVSS 9.8, AI score 8.1, EPSS 0.93849
Exploits: 8, References: 3, Affected Software: 1
RedHat Linux
added 2023/11/16 5:58 a.m., 3 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections...

CVSS 7.5, AI score 6.8, EPSS 0.0292
Exploits: 2, References: 5
IBM Security Bulletins
added 2023/11/07 9:8 p.m., 35 views

Security Bulletin: A vulnerability in SnakeYaml package affects Data Replication on Cloud Pak for Data

Summary: A vulnerability in SnakeYaml package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details: CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in...

CVSS 9.8, AI score 7.8, EPSS 0.93849
Exploits: 7, Affected Software: 1
IBM Security Bulletins
added 2023/07/05 9:0 p.m., 19 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SnakeYaml arbitrary code execution vulnerability (CVE-2022-1471).

Summary: Potential SnakeYaml arbitrary code execution vulnerability (CVE-2022-1471) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

CVSS 9.8, AI score 9.4, EPSS 0.93849
Exploits: 7, Affected Software: 1