Veracode Vulnerability Database: VERACODE:36953
History: Sep 06, 2022 - 5:56 a.m.

Denial Of Service (DoS)

2022-09-06 05:56:29
sca.analysiscenter.veracode.com
denial of service
snakeyaml
composer function
composer.java
nested depth limitation
stack overflow
malicious yaml files
vulnerability
software

EPSS: 0.001 (percentile: 32.6%)

snakeyaml is vulnerable to Denial Of Service (DoS). The vulnerability exists in the Composer function of Composer.java, which does not properly restrict the nesting depth of collections. An attacker can crash the application with a stack overflow by supplying malicious YAML files.