Lucene search
K

34 matches found

Atlassian
Atlassian
added 2026/04/16 10:12 p.m.24 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Software Data Center

This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE Remote Code Execution vulnerability was introduced in versions 11.3.3 of Jira Software Data Center. This RCE Remote Code...

9.8CVSS6.5AI score0.99615EPSS
Exploits7
Atlassian
Atlassian
added 2026/04/08 10:29 p.m.22 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Service Management Data Center

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE Remote Code Execution vulnerability was introduced in versions 11.3.3 of Jira Service Management Data...

9.8CVSS7.5AI score0.99615EPSS
Exploits7
GithubExploit
GithubExploit
added 2026/02/05 10:6 p.m.227 views

Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml

yaml-payload Exploit payload JAR for demonstrating CVE-2022-...

9.8CVSS8.8AI score0.99615EPSS
Exploits7
OSV
OSV
added 2026/01/30 5:16 p.m.3 views

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

8.8CVSS5.3AI score
Exploits0References5
EUVD
EUVD
added 2026/01/30 5:2 p.m.7 views

EUVD-2026-5013

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

6.5CVSS5.4AI score0.00498EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.9 views

Bolo-Solo code issue vulnerabilities

Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Versions of Bolo-Solo 2.6.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a deserialization issue in the importMarkdownsSync function within the SnakeYAML component’s...

8.8CVSS6.7AI score0.00498EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:5 p.m.9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Denial of Service due to snake-yaml (CVE-2022-25857)

Summary IBM App Connect Enterprise Toolkit is vulnerable to Denial of Service due to snake-yaml. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for...

7.5CVSS6.5AI score0.02191EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1138

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.01573EPSS
Exploits2References3
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.2 views

Stack Overflow in Snakeyaml

...

6.5CVSS7AI score0.01476EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:48 p.m.6 views

CVE-2021-46364

A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file...

7.8CVSS7.7AI score0.01573EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2025/05/05 12:13 a.m.8 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2025/04/28 12:20 a.m.4 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2025/02/15 4:16 a.m.2 views

SUSE CVE-2022-1471

SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...

8.8CVSS8.1AI score0.99615EPSS
Exploits7References3
RedHat Linux
RedHat Linux
added 2023/12/07 1:41 p.m.5 views

snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...

6.5CVSS6.8AI score0.01583EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:50 p.m.46 views

Security Bulletin: Multiple security vulnerabilities in Snake YAML affect IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator uses Snake YAML. Vulnerability Details CVEID: CVE-2017-18640 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could...

9.8CVSS8.8AI score0.99615EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:37 p.m.43 views

Security Bulletin: IBM Sterling B2B Integrator affected by remote code execution due to Snake Yaml (CVE-2022-1471)

Summary IBM Sterling B2B Integrator uses Snake Yaml. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted ya...

9.8CVSS9.7AI score0.99615EPSS
Exploits7Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/30 11:24 a.m.7 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2023/05/10 11:59 a.m.4 views

snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash...

6.5CVSS6.8AI score0.02015EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/01 9:58 p.m.5 views

snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...

6.5CVSS6.8AI score0.01583EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/01 9:58 p.m.6 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
Rows per page
Query Builder