Vulnerability

CVE-2022-41854
CVSS Score 6.5 medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-121

[CVE-2022-41854] CWE-121: Stack-based Buffer Overflow

Description

Applications that use SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser runs on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial-of-service attack.

See org.yaml/snakeyaml package information