Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-W37G-RHQ8-7M4J
Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2024-06-21 21:33
VLAI
Summary
Snakeyaml vulnerable to Stack overflow leading to denial of service
Details
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Severity
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.yaml:snakeyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41854"
],
"database_specific": {
"cwe_ids": [
"CWE-121",
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-21T22:27:27Z",
"nvd_published_at": "2022-11-11T13:15:00Z",
"severity": "MODERATE"
},
"details": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"id": "GHSA-w37g-rhq8-7m4j",
"modified": "2024-06-21T21:33:52Z",
"published": "2022-11-11T19:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"type": "PACKAGE",
"url": "https://bitbucket.org/snakeyaml/snakeyaml"
},
{
"type": "WEB",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a"
},
{
"type": "WEB",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240315-0009"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Snakeyaml vulnerable to Stack overflow leading to denial of service"
}
cleanstart-2026-ci66802
Vulnerability from cleanstart
Published
2026-04-01 09:27
Modified
2026-03-24 10:05
Summary
Security fixes for CVE-2015-2104, CVE-2020-8908, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2022-1471, CVE-2022-41881, CVE-2023-27043, CVE-2023-2976, CVE-2023-34462, CVE-2023-6378, CVE-2024-12254, CVE-2024-12718, CVE-2024-12798, CVE-2024-12801, CVE-2024-27137, CVE-2024-6232, CVE-2024-6923, CVE-2024-9287, CVE-2025-0938, CVE-2025-23015, CVE-2025-4138, CVE-2025-4330, CVE-2025-4516, CVE-2025-4517, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-3mc7-4q67-w48m, ghsa-5mg8-w23w-74h3, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-98wm-3w3q-mw94, ghsa-9w3m-gqgf-c4p9, ghsa-c4r9-r8fh-9vj2, ghsa-hhhw-99gj-p3c3, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-qqpg-mvqg-649v, ghsa-vmq6-5m68-f53m, ghsa-w37g-rhq8-7m4j applied in versions: 4.0.17-r1, 4.0.19-r2, 4.0.19-r3, 4.1.9-r0
Details
Multiple security vulnerabilities affect the cassandra-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "cassandra-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.9-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the cassandra-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-CI66802",
"modified": "2026-03-24T10:05:19Z",
"published": "2026-04-01T09:27:07.387904Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-CI66802.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-2104"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21295"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21409"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-37136"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-1471"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27043"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-6378"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12254"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27137"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6232"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0938"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-23015"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4330"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3mc7-4q67-w48m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98wm-3w3q-mw94"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c4r9-r8fh-9vj2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hhhw-99gj-p3c3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vmq6-5m68-f53m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2104"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27043"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12254"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27137"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6232"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23015"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4330"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2015-2104, CVE-2020-8908, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2022-1471, CVE-2022-41881, CVE-2023-27043, CVE-2023-2976, CVE-2023-34462, CVE-2023-6378, CVE-2024-12254, CVE-2024-12718, CVE-2024-12798, CVE-2024-12801, CVE-2024-27137, CVE-2024-6232, CVE-2024-6923, CVE-2024-9287, CVE-2025-0938, CVE-2025-23015, CVE-2025-4138, CVE-2025-4330, CVE-2025-4516, CVE-2025-4517, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-3mc7-4q67-w48m, ghsa-5mg8-w23w-74h3, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-98wm-3w3q-mw94, ghsa-9w3m-gqgf-c4p9, ghsa-c4r9-r8fh-9vj2, ghsa-hhhw-99gj-p3c3, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-qqpg-mvqg-649v, ghsa-vmq6-5m68-f53m, ghsa-w37g-rhq8-7m4j applied in versions: 4.0.17-r1, 4.0.19-r2, 4.0.19-r3, 4.1.9-r0",
"upstream": [
"CVE-2015-2104",
"CVE-2020-8908",
"CVE-2021-21295",
"CVE-2021-21409",
"CVE-2021-37136",
"CVE-2022-1471",
"CVE-2022-41881",
"CVE-2023-27043",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2023-6378",
"CVE-2024-12254",
"CVE-2024-12718",
"CVE-2024-12798",
"CVE-2024-12801",
"CVE-2024-27137",
"CVE-2024-6232",
"CVE-2024-6923",
"CVE-2024-9287",
"CVE-2025-0938",
"CVE-2025-23015",
"CVE-2025-4138",
"CVE-2025-4330",
"CVE-2025-4516",
"CVE-2025-4517",
"CVE-2026-1225",
"ghsa-25qh-j22f-pwp8",
"ghsa-3mc7-4q67-w48m",
"ghsa-5mg8-w23w-74h3",
"ghsa-6v67-2wr5-gvf4",
"ghsa-72hv-8253-57qq",
"ghsa-7g45-4rm6-3mm3",
"ghsa-98wm-3w3q-mw94",
"ghsa-9w3m-gqgf-c4p9",
"ghsa-c4r9-r8fh-9vj2",
"ghsa-hhhw-99gj-p3c3",
"ghsa-mjmj-j48q-9wg2",
"ghsa-pr98-23f8-jwxv",
"ghsa-qqpg-mvqg-649v",
"ghsa-vmq6-5m68-f53m",
"ghsa-w37g-rhq8-7m4j"
]
}
cleanstart-2026-gh89210
Vulnerability from cleanstart
Published
2026-05-18 13:15
Modified
2026-05-13 14:13
Summary
Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4
Details
Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "cassandra-reaper-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.1-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GH89210",
"modified": "2026-05-13T14:13:05Z",
"published": "2026-05-18T13:15:02.086653Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GH89210.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-0886"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-1471"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-38752"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41854"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9h6p-92jq-888x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c4qc-4q9p-m9q9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h46c-h94j-95f3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jc7h-c423-mpjc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qh8g-58pp-2wxh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wjpw-4j6x-6rwh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0886"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4",
"upstream": [
"CVE-2015-0886",
"CVE-2020-8908",
"CVE-2022-1471",
"CVE-2022-24823",
"CVE-2022-38752",
"CVE-2022-41854",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2024-12798",
"CVE-2024-12801",
"CVE-2024-13009",
"CVE-2024-47535",
"CVE-2024-6763",
"CVE-2024-8184",
"CVE-2024-9823",
"CVE-2025-11143",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-52999",
"CVE-2025-58057",
"CVE-2026-1225",
"CVE-2026-23901",
"CVE-2026-44431",
"CVE-2026-44432",
"ghsa-25qh-j22f-pwp8",
"ghsa-389x-839f-4rhx",
"ghsa-3p8m-j85q-pgmj",
"ghsa-4g8c-wm8x-jfhw",
"ghsa-5mg8-w23w-74h3",
"ghsa-6mjq-h674-j845",
"ghsa-6v67-2wr5-gvf4",
"ghsa-72hv-8253-57qq",
"ghsa-7g45-4rm6-3mm3",
"ghsa-9h6p-92jq-888x",
"ghsa-9w3m-gqgf-c4p9",
"ghsa-c4qc-4q9p-m9q9",
"ghsa-g8m5-722r-8whq",
"ghsa-gc5v-m9x4-r6x2",
"ghsa-h46c-h94j-95f3",
"ghsa-j26w-f9rq-mr2q",
"ghsa-j288-q9x7-2f5v",
"ghsa-jc7h-c423-mpjc",
"ghsa-mf9v-mfxr-j63j",
"ghsa-mjmj-j48q-9wg2",
"ghsa-pr98-23f8-jwxv",
"ghsa-q4rv-gq96-w7c5",
"ghsa-qccp-gfcp-xxvc",
"ghsa-qh8g-58pp-2wxh",
"ghsa-qqpg-mvqg-649v",
"ghsa-w37g-rhq8-7m4j",
"ghsa-wjpw-4j6x-6rwh",
"ghsa-wxr5-93ph-8wr9",
"ghsa-xq3w-v528-46rv"
]
}
CVE-2022-41854 (GCVE-0-2022-41854)
Vulnerability from cvelistv5 – Published: 2022-11-11 13:10 – Updated: 2024-09-16 16:24
VLAI
EPSS
Title
Stack Overflow in Snakeyaml
Summary
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Severity
5.8 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2024031… | |
| https://security.netapp.com/advisory/ntap-2024062… |
Impacted products
Date Public
2022-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
},
{
"name": "FEDORA-2022-c01dd659fa",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/"
},
{
"name": "FEDORA-2022-8a4e8aa190",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/"
},
{
"name": "FEDORA-2023-27ec59a486",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SnakeYaml",
"vendor": "SnakeYaml",
"versions": [
{
"lessThan": "1.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:02.723Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
},
{
"name": "FEDORA-2022-c01dd659fa",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/"
},
{
"name": "FEDORA-2022-8a4e8aa190",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/"
},
{
"name": "FEDORA-2023-27ec59a486",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Stack Overflow in Snakeyaml",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-41854",
"datePublished": "2022-11-11T13:10:10.912Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:24:11.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…