CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

Security Update for Microsoft Visual Studio Code Bosh Editor Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Bosh Editor Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain...

Security Update for Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Concourse CI Pipeline Editor Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that...

Security Update for Microsoft Visual Studio Code Spring Boot Tools Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Spring Boot Tools Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certa...

Security Update for Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML...

CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

Remote code execution

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some...

Spring Tools 代码注入漏洞

Spring Tools is a series of plug-ins for Spring that are used to assist developers in writing programs. A security vulnerability exists in Spring Tools that stems from the Snakeyaml library, which supports YAML editing, allowing for some special syntax in YAML that could allow an attacker to...

CVE-2022-31691

CVE-2022-31691 affects Spring Tools 4 for Eclipse (STS4) up to 4.16.0 and related VSCode extensions (Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor, Cloudfoundry Manifest YML Support) up to 1.39.0. The root cause is the Snakeyaml YAML editing library, which can allow remote code exe...