CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

CVE-2021-36162

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

ROS-20250424-02

The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Denial of Service attacks vulnerability with snakeYaml library

Summary Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Denial of Service attacks vulnerability due to snakeYaml library. Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By...

Apache HertzBeat 代码问题漏洞

Apache HertzBeat is a tool from the American company Apache Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 CVSS score: 9.8 - Deserialization vulnerability in SnakeYAML library that can lead to...

RCE (Remote Code Execution) in - CVE-2022-1471

h2. Summary of Vulnerability Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE Remote Code Execution. i Atlassian Cloud sites are not affected by this vulnerability. If your site is accessed...

PT-2023-32975 · Unknown +1 · Torchserve +1

Name of the Vulnerable Software and Affected Versions: TorchServe versions 0.3.0 through 0.8.1 Description: The issue is related to the use of a vulnerable version of the SnakeYAML open source library, which potentially exposes users to unsafe deserialization of Java objects. This could allow thi...

Security Update for Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that...

Security Update for Microsoft Visual Studio Code Spring Boot Tools Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Spring Boot Tools Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certa...

Security Update for Microsoft Visual Studio Code Bosh Editor Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Bosh Editor Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain...

Security Update for Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML...

Remote code execution

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

GHSA-R577-4HQ7-73QH Remote Code Execution in Apache Dubbo

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...