CVE-2022-25857

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

Severity

7.5

High

CVSS V3

Description

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

References

https://images.chainguard.dev/security/CGA-4v88-fh58-2mpr
https://github.com/advisories/GHSA-3mc7-4q67-w48m
https://images.chainguard.dev/security/CGA-56x8-j6m7-rjhq
https://images.chainguard.dev/security/CGA-xgmv-rcq4-w49c
https://images.chainguard.dev/security/CGA-vvcr-mx64-rm4g
https://images.chainguard.dev/security/CGA-v8c3-wc4q-hfmx
https://images.chainguard.dev/security/CGA-qqfv-p3r3-j2fg
https://images.chainguard.dev/security/CGA-w753-xwwq-8ch4
https://images.chainguard.dev/security/CGA-8mhp-9r8c-whw4
https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174
https://bitbucket.org/snakeyaml/snakeyaml/issues/525
https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
https://security.netapp.com/advisory/ntap-20240315-0010/
https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal