Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2022-09-05T00:00:00

Updated: 2024-08-03T11:02:14.529Z

Reserved: 2022-08-25T00:00:00

Link: CVE-2022-38752

cve-icon Vulnrichment

Updated: 2024-08-03T11:02:14.529Z

cve-icon NVD

Status : Modified

Published: 2022-09-05T10:15:09.847

Modified: 2024-11-21T07:17:01.483

Link: CVE-2022-38752

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-09-05T00:00:00Z

Links: CVE-2022-38752 - Bugzilla