Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
History

Wed, 20 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2022-09-05T00:00:00

Updated: 2024-11-20T14:57:41.651Z

Reserved: 2022-08-25T00:00:00

Link: CVE-2022-38750

cve-icon Vulnrichment

Updated: 2024-08-03T11:02:14.509Z

cve-icon NVD

Status : Modified

Published: 2022-09-05T10:15:09.733

Modified: 2024-11-21T07:17:01.207

Link: CVE-2022-38750

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-09-05T00:00:00Z

Links: CVE-2022-38750 - Bugzilla