Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:36954
HistorySep 06, 2022 - 7:02 a.m.

Denial Of Service (DoS)

2022-09-0607:02:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
denial of service
snakeyaml
composer function
vulnerability
nested depth limitation
collections
stack overflow
malicious yaml files
software

EPSS

0.001

Percentile

46.9%

snakeyaml is vulnerable to denial of service. The vulnerability exists in the Composer function of Composer.java as it does not properly restrict the nested depth limitation for collections which allows an attacker to crash the application through the stack overflow by providing malicious yaml files.