High severityNVD Advisory· Published Aug 30, 2022· Updated Sep 16, 2024
Denial of Service (DoS)
CVE-2022-25857
Description
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.yaml:snakeyamlMaven | < 1.31 | 1.31 |
Affected products
33- org.yaml/snakeyamldescription
- osv-coords32 versionspkg:apk/chainguard/cassandra-5.0pkg:apk/chainguard/cassandra-5.0-compatpkg:apk/chainguard/cassandra-5.0-entrypoint-compatpkg:apk/chainguard/cassandra-5.0-iamguarded-compatpkg:apk/chainguard/cassandra-fips-5.0pkg:apk/chainguard/cassandra-fips-5.0-compatpkg:apk/chainguard/cqlsh-5.0pkg:apk/chainguard/cqlsh-fips-5.0pkg:apk/chainguard/management-api-for-apache-cassandra-4.0pkg:apk/chainguard/management-api-for-apache-cassandra-4.0-compatpkg:apk/chainguard/management-api-for-apache-cassandra-4.1pkg:apk/chainguard/management-api-for-apache-cassandra-5.0pkg:apk/chainguard/management-api-for-apache-cassandra-5.0-compatpkg:apk/chainguard/request-1277pkg:apk/wolfi/cassandra-5.0pkg:apk/wolfi/cassandra-5.0-compatpkg:apk/wolfi/cassandra-5.0-entrypoint-compatpkg:apk/wolfi/cassandra-5.0-iamguarded-compatpkg:apk/wolfi/cqlsh-5.0pkg:apk/wolfi/management-api-for-apache-cassandra-4.1pkg:apk/wolfi/management-api-for-apache-cassandra-5.0pkg:apk/wolfi/management-api-for-apache-cassandra-5.0-compatpkg:maven/org.yaml/snakeyamlpkg:rpm/almalinux/prometheus-jmx-exporterpkg:rpm/almalinux/prometheus-jmx-exporter-openjdk11pkg:rpm/opensuse/snakeyaml&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/snakeyaml&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/snakeyaml&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/snakeyaml&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/snakeyaml&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/snakeyaml&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/snakeyaml&distro=SUSE%20Manager%20Server%20Module%204.3
< 0+ 31 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 1.31
- (no CPE)range: < 0.12.0-8.el8_6
- (no CPE)range: < 0.12.0-8.el8_6
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.12.6.1
- (no CPE)range: < 1.31-150200.3.8.1
- (no CPE)range: < 1.31-150200.3.8.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-3mc7-4q67-w48mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25857ghsaADVISORY
- bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174ghsaWEB
- bitbucket.org/snakeyaml/snakeyaml/issues/525ghsaWEB
- github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174ghsaWEB
- lists.debian.org/debian-lts-announce/2022/10/msg00001.htmlghsamailing-listWEB
- security.netapp.com/advisory/ntap-20240315-0010ghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360ghsaWEB
- security.netapp.com/advisory/ntap-20240315-0010/mitre
News mentions
0No linked articles in our index yet.