634 matches found
DoS in SnakeYAML
...
DoS in SnakeYAML
...
DoS in SnakeYAML
...
DoS in SnakeYAML
...
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
...
CVE-2025-56816
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...
Linux Distros Unpatched Vulnerability : CVE-2022-1471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
CVE-2023-51389
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2021-36162
Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
CVE-2020-1947
In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...
ROS-20250424-02
The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...
USN-7368-1: SnakeYAML vulnerability
It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...
USN-7368-1 snakeyaml vulnerability
It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...
Ubuntu: Security Advisory (USN-7368-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : SnakeYAML vulnerability (USN-7368-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7368-1 advisory. It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to...