CVE-2022-25857 @ Maven-org.yaml:snakeyaml-1.26

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2022-25857) about CVE-2022-25857
**Checkmarx Project:** [jerp1979/java\-faker](https://eu.ast.checkmarx.net/projects/80665d4a-17df-4b6a-a5e9-b12ef3137b1d/overview?branch=master)
**Repository URL:** [https://github.com/jerp1979/java\-faker](https://github.com/jerp1979/java-faker)
**Branch:** master
**Scan ID:** [8f3fa71f\-fe46\-4bc8\-9378\-781a0403538e](https://eu.ast.checkmarx.net/projects/80665d4a-17df-4b6a-a5e9-b12ef3137b1d/scans?id=8f3fa71f-fe46-4bc8-9378-781a0403538e&branch=master)


----
The package org.yaml:snakeyaml before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. This CVE is duplicated by CVE-2022-38749. Checkmarx analyzed this thoroughly to understand if there was a difference between the CVEs but they reference the same issue and the fix is exactly the same.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 1.33.0.redhat-00002


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-25857 @ Maven-org.yaml:snakeyaml-1.26 #6

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2022-25857 @ Maven-org.yaml:snakeyaml-1.26 #6

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions