6 matches found
SUSE CVE-2026-40612
jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
Denial of Service (DoS)
Overview org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Denial of Service DoS due to missing nested depth limitation for collections. NOTE: This vulnerability has also been identified as: CVE-2022-38749 Details Denial of Service D...