Astra Linux - уязвимость в snakeyaml

The Alias feature in SnakeYAML before version 1.26 allowed entity expansion during a load operation, which is a related issue to CVE-2003-1564...

Astra Linux – Vulnerability in snakeyaml

Those who use Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially allow for a Denial of...

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-8.el8 (AXSA:2022-3880:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3880:02 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 Tenable has extracted the preceding description block...

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-9.el8 (AXSA:2022-4526:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4526:04 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 Tenable has extracted the preceding description block directly from the MiracleLin...

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

PT-2025-49569

Name of the Vulnerable Software and Affected Versions HummerRisk versions through 1.5.0 Description HummerRisk is affected by an issue stemming from a vulnerable Snakeyaml component, potentially allowing attackers to achieve Remote Code Execution RCE and gain control of the server. Recommendation...

HummerCloud HummerRisk 安全漏洞

HummerCloud HummerRisk is an open source cloud-native security platform from China's HummerCloud, which solves security and governance issues in cloud-native environments in a non-intrusive way, with core capabilities including security governance for hybrid clouds and cloud-native security...

CVE-2025-63721

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server...

TencentOS Server 3: prometheus-jmx-exporter (TSSA-2023:0146)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0146 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

EUVD-2023-2088

Malicious code in bioql PyPI...

EUVD-2022-7446

Malicious code in bioql PyPI...

USN-7368-1: SnakeYAML vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

USN-7368-1 snakeyaml vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

Ubuntu: Security Advisory (USN-7368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

PYSEC-2023-240

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 .Apache Submarine uses JAXRS to define REST endpoints. In order tohandle YAML requests using application/yaml content-type, it defines...

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

Security Bulletin: A vulnerability in SnakeYaml package affects Data Replication on Cloud Pak for Data

Summary A vulnerability in SnakeYaml package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in...

The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.

The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...