CVE-2022-41854 @ Maven-org.yaml:snakeyaml-1.26

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2022-41854) about CVE-2022-41854
**Checkmarx Project:** [jerp1979/java\-faker](https://eu.ast.checkmarx.net/projects/80665d4a-17df-4b6a-a5e9-b12ef3137b1d/overview?branch=master)
**Repository URL:** [https://github.com/jerp1979/java\-faker](https://github.com/jerp1979/java-faker)
**Branch:** master
**Scan ID:** [8f3fa71f\-fe46\-4bc8\-9378\-781a0403538e](https://eu.ast.checkmarx.net/projects/80665d4a-17df-4b6a-a5e9-b12ef3137b1d/scans?id=8f3fa71f-fe46-4bc8-9378-781a0403538e&branch=master)


----
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser runs on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. It affects versions of "org.yaml:snakeyaml" prior to 1.32.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 1.33.0.redhat-00002


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-41854 @ Maven-org.yaml:snakeyaml-1.26 #12

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2022-41854 @ Maven-org.yaml:snakeyaml-1.26 #12

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions