SnakeYaml

1 Product 6 CVEs

CVE Severity Distribution (All Time)

Critical

High

Medium

Low

Timeline Overview

Last 30 Days 0 CVEs

Last 6 Months 0 CVEs

Last Year 0 CVEs

Products

View all

SnakeYaml

4 Versions 6 CVEs

Recent CVEs

CVE-2022-1471 HIGH 2 years, 9 months ago

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an a…

CVE-2022-41854 MEDIUM 2 years, 10 months ago

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied i…

CVE-2022-38749 MEDIUM 3 years ago

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, …

CVE-2022-38751 MEDIUM 3 years ago

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, …

CVE-2022-38752 MEDIUM 3 years ago

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, …

CVE-2022-38750 MEDIUM 3 years ago

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, …

Related Security News

Spring Boot SnakeYAML 2.0 CVE-2022-1471 Issue Fixed

2025-02-18 08:04 Javacodegeeks.com

SnakeYAML is a widely used Java library for parsing and dumping YAML. However, a critical security vulnerability, CVE-2022-1471, was discovered in earlier versions, allowing remote code execution (RC…

CVE-2022-1471