github.com/google/osv-scalibr@v0.4.1/guidedremediation/internal/strategy/override/testdata/maven-classifier/vulnerabilities.json (about) 1 { 2 "vulns": [ 3 { 4 "affected": [ 5 { 6 "database_specific": { 7 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-3mc7-4q67-w48m/GHSA-3mc7-4q67-w48m.json" 8 }, 9 "package": { 10 "ecosystem": "Maven", 11 "name": "org.yaml:snakeyaml", 12 "purl": "pkg:maven/org.yaml/snakeyaml" 13 }, 14 "ranges": [ 15 { 16 "events": [ 17 { 18 "introduced": "0" 19 }, 20 { 21 "fixed": "1.31" 22 } 23 ], 24 "type": "ECOSYSTEM" 25 } 26 ], 27 "versions": [ 28 "1.10", 29 "1.11", 30 "1.12", 31 "1.13", 32 "1.14", 33 "1.15", 34 "1.16", 35 "1.17", 36 "1.18", 37 "1.19", 38 "1.20", 39 "1.21", 40 "1.22", 41 "1.23", 42 "1.24", 43 "1.25", 44 "1.26", 45 "1.27", 46 "1.28", 47 "1.29", 48 "1.30", 49 "1.4", 50 "1.5", 51 "1.6", 52 "1.7", 53 "1.8", 54 "1.9" 55 ] 56 } 57 ], 58 "aliases": [ 59 "CVE-2022-25857" 60 ], 61 "database_specific": { 62 "cwe_ids": [ 63 "CWE-400", 64 "CWE-776" 65 ], 66 "github_reviewed": true, 67 "github_reviewed_at": "2022-09-09T17:53:43Z", 68 "nvd_published_at": "2022-08-30T05:15:00Z", 69 "severity": "HIGH" 70 }, 71 "details": "The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.", 72 "id": "GHSA-3mc7-4q67-w48m", 73 "modified": "2024-03-15T19:20:56.900754Z", 74 "published": "2022-08-31T00:00:24Z", 75 "references": [ 76 { 77 "type": "ADVISORY", 78 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" 79 }, 80 { 81 "type": "WEB", 82 "url": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174" 83 }, 84 { 85 "type": "WEB", 86 "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174" 87 }, 88 { 89 "type": "WEB", 90 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" 91 }, 92 { 93 "type": "PACKAGE", 94 "url":
"https://github.com/snakeyaml/snakeyaml" 95 }, 96 { 97 "type": "WEB", 98 "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" 99 }, 100 { 101 "type": "WEB", 102 "url": "https://security.netapp.com/advisory/ntap-20240315-0010" 103 }, 104 { 105 "type": "WEB", 106 "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360" 107 } 108 ], 109 "schema_version": "1.6.0", 110 "severity": [ 111 { 112 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 113 "type": "CVSS_V3" 114 } 115 ], 116 "summary": "Uncontrolled Resource Consumption in snakeyaml" 117 }, 118 { 119 "affected": [ 120 { 121 "database_specific": { 122 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-98wm-3w3q-mw94/GHSA-98wm-3w3q-mw94.json" 123 }, 124 "package": { 125 "ecosystem": "Maven", 126 "name": "org.yaml:snakeyaml", 127 "purl": "pkg:maven/org.yaml/snakeyaml" 128 }, 129 "ranges": [ 130 { 131 "events": [ 132 { 133 "introduced": "0" 134 }, 135 { 136 "fixed": "1.31" 137 } 138 ], 139 "type": "ECOSYSTEM" 140 } 141 ], 142 "versions": [ 143 "1.10", 144 "1.11", 145 "1.12", 146 "1.13", 147 "1.14", 148 "1.15", 149 "1.16", 150 "1.17", 151 "1.18", 152 "1.19", 153 "1.20", 154 "1.21", 155 "1.22", 156 "1.23", 157 "1.24", 158 "1.25", 159 "1.26", 160 "1.27", 161 "1.28", 162 "1.29", 163 "1.30", 164 "1.4", 165 "1.5", 166 "1.6", 167 "1.7", 168 "1.8", 169 "1.9" 170 ] 171 } 172 ], 173 "aliases": [ 174 "CVE-2022-38751" 175 ], 176 "database_specific": { 177 "cwe_ids": [ 178 "CWE-121", 179 "CWE-787" 180 ], 181 "github_reviewed": true, 182 "github_reviewed_at": "2022-09-16T17:45:10Z", 183 "nvd_published_at": "2022-09-05T10:15:00Z", 184 "severity": "MODERATE" 185 }, 186 "details": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). 
If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", 187 "id": "GHSA-98wm-3w3q-mw94", 188 "modified": "2024-03-15T12:49:11.748743Z", 189 "published": "2022-09-06T00:00:27Z", 190 "references": [ 191 { 192 "type": "ADVISORY", 193 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" 194 }, 195 { 196 "type": "PACKAGE", 197 "url": "https://bitbucket.org/snakeyaml/snakeyaml" 198 }, 199 { 200 "type": "WEB", 201 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039" 202 }, 203 { 204 "type": "WEB", 205 "url": "https://bitbucket.org/snakeyaml/snakeyaml/src/master/src/test/java/org/yaml/snakeyaml/issues/issue530/Fuzzy47039Test.java" 206 }, 207 { 208 "type": "WEB", 209 "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039" 210 }, 211 { 212 "type": "WEB", 213 "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" 214 }, 215 { 216 "type": "WEB", 217 "url": "https://security.gentoo.org/glsa/202305-28" 218 }, 219 { 220 "type": "WEB", 221 "url": "https://security.netapp.com/advisory/ntap-20240315-0010" 222 } 223 ], 224 "schema_version": "1.6.0", 225 "severity": [ 226 { 227 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 228 "type": "CVSS_V3" 229 } 230 ], 231 "summary": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write" 232 }, 233 { 234 "affected": [ 235 { 236 "database_specific": { 237 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-9w3m-gqgf-c4p9/GHSA-9w3m-gqgf-c4p9.json" 238 }, 239 "package": { 240 "ecosystem": "Maven", 241 "name": "org.yaml:snakeyaml", 242 "purl": "pkg:maven/org.yaml/snakeyaml" 243 }, 244 "ranges": [ 245 { 246 "events": [ 247 { 248 "introduced": "0" 249 }, 250 { 251 "fixed": "1.32" 252 } 253 ], 254 "type": "ECOSYSTEM" 255 } 256 ], 257 "versions": [ 258 "1.10", 259 "1.11", 260 "1.12", 261 "1.13", 262 "1.14", 263 
"1.15", 264 "1.16", 265 "1.17", 266 "1.18", 267 "1.19", 268 "1.20", 269 "1.21", 270 "1.22", 271 "1.23", 272 "1.24", 273 "1.25", 274 "1.26", 275 "1.27", 276 "1.28", 277 "1.29", 278 "1.30", 279 "1.31", 280 "1.4", 281 "1.5", 282 "1.6", 283 "1.7", 284 "1.8", 285 "1.9" 286 ] 287 } 288 ], 289 "aliases": [ 290 "CVE-2022-38752" 291 ], 292 "database_specific": { 293 "cwe_ids": [ 294 "CWE-121", 295 "CWE-787" 296 ], 297 "github_reviewed": true, 298 "github_reviewed_at": "2022-09-13T21:29:45Z", 299 "nvd_published_at": "2022-09-05T10:15:00Z", 300 "severity": "MODERATE" 301 }, 302 "details": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", 303 "id": "GHSA-9w3m-gqgf-c4p9", 304 "modified": "2024-03-15T12:59:23.253312Z", 305 "published": "2022-09-06T00:00:27Z", 306 "references": [ 307 { 308 "type": "ADVISORY", 309 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752" 310 }, 311 { 312 "type": "PACKAGE", 313 "url": "https://bitbucket.org/snakeyaml/snakeyaml" 314 }, 315 { 316 "type": "WEB", 317 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081" 318 }, 319 { 320 "type": "WEB", 321 "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081" 322 }, 323 { 324 "type": "WEB", 325 "url": "https://security.gentoo.org/glsa/202305-28" 326 }, 327 { 328 "type": "WEB", 329 "url": "https://security.netapp.com/advisory/ntap-20240315-0009" 330 } 331 ], 332 "schema_version": "1.6.0", 333 "severity": [ 334 { 335 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 336 "type": "CVSS_V3" 337 } 338 ], 339 "summary": "snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write" 340 }, 341 { 342 "affected": [ 343 { 344 "database_specific": { 345 "source": 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 346 }, 347 "package": { 348 "ecosystem": "Maven", 349 "name": "org.yaml:snakeyaml", 350 "purl": "pkg:maven/org.yaml/snakeyaml" 351 }, 352 "ranges": [ 353 { 354 "events": [ 355 { 356 "introduced": "0" 357 }, 358 { 359 "fixed": "1.31" 360 } 361 ], 362 "type": "ECOSYSTEM" 363 } 364 ], 365 "versions": [ 366 "1.10", 367 "1.11", 368 "1.12", 369 "1.13", 370 "1.14", 371 "1.15", 372 "1.16", 373 "1.17", 374 "1.18", 375 "1.19", 376 "1.20", 377 "1.21", 378 "1.22", 379 "1.23", 380 "1.24", 381 "1.25", 382 "1.26", 383 "1.27", 384 "1.28", 385 "1.29", 386 "1.30", 387 "1.4", 388 "1.5", 389 "1.6", 390 "1.7", 391 "1.8", 392 "1.9" 393 ] 394 }, 395 { 396 "database_specific": { 397 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 398 }, 399 "package": { 400 "ecosystem": "Maven", 401 "name": "be.cylab:snakeyaml", 402 "purl": "pkg:maven/be.cylab/snakeyaml" 403 }, 404 "versions": [ 405 "1.25.1" 406 ] 407 }, 408 { 409 "database_specific": { 410 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 411 }, 412 "package": { 413 "ecosystem": "Maven", 414 "name": "com.alipay.sofa.acts:acts-common-util", 415 "purl": "pkg:maven/com.alipay.sofa.acts/acts-common-util" 416 }, 417 "versions": [ 418 "1.0.0" 419 ] 420 }, 421 { 422 "database_specific": { 423 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 424 }, 425 "package": { 426 "ecosystem": "Maven", 427 "name": "io.prometheus.jmx:jmx_prometheus_httpserver", 428 "purl": "pkg:maven/io.prometheus.jmx/jmx_prometheus_httpserver" 429 }, 430 "versions": [ 431 "0.17.0" 432 ] 433 }, 434 { 435 "database_specific": { 436 "source": 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 437 }, 438 "package": { 439 "ecosystem": "Maven", 440 "name": "io.prometheus.jmx:jmx_prometheus_httpserver_java6", 441 "purl": "pkg:maven/io.prometheus.jmx/jmx_prometheus_httpserver_java6" 442 }, 443 "ranges": [ 444 { 445 "events": [ 446 { 447 "introduced": "0" 448 }, 449 { 450 "last_affected": "0.18.0" 451 } 452 ], 453 "type": "ECOSYSTEM" 454 } 455 ], 456 "versions": [ 457 "0.17.0", 458 "0.17.1", 459 "0.17.2", 460 "0.18.0" 461 ] 462 }, 463 { 464 "database_specific": { 465 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 466 }, 467 "package": { 468 "ecosystem": "Maven", 469 "name": "org.testifyproject.external:external-snakeyaml", 470 "purl": "pkg:maven/org.testifyproject.external/external-snakeyaml" 471 }, 472 "ranges": [ 473 { 474 "events": [ 475 { 476 "introduced": "0" 477 }, 478 { 479 "last_affected": "1.0.6" 480 } 481 ], 482 "type": "ECOSYSTEM" 483 } 484 ], 485 "versions": [ 486 "0.9.5", 487 "0.9.6", 488 "0.9.7", 489 "0.9.8", 490 "0.9.9", 491 "1.0.0", 492 "1.0.2", 493 "1.0.3", 494 "1.0.4", 495 "1.0.5", 496 "1.0.6" 497 ] 498 }, 499 { 500 "database_specific": { 501 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-c4r9-r8fh-9vj2/GHSA-c4r9-r8fh-9vj2.json" 502 }, 503 "package": { 504 "ecosystem": "Maven", 505 "name": "pl.droidsonroids.yaml:snakeyaml", 506 "purl": "pkg:maven/pl.droidsonroids.yaml/snakeyaml" 507 }, 508 "ranges": [ 509 { 510 "events": [ 511 { 512 "introduced": "0" 513 }, 514 { 515 "last_affected": "1.18.2" 516 } 517 ], 518 "type": "ECOSYSTEM" 519 } 520 ], 521 "versions": [ 522 "1.18-android", 523 "1.18.1", 524 "1.18.2" 525 ] 526 } 527 ], 528 "aliases": [ 529 "CVE-2022-38749" 530 ], 531 "database_specific": { 532 "cwe_ids": [ 533 "CWE-121", 534 "CWE-787" 535 ], 536 
"github_reviewed": true, 537 "github_reviewed_at": "2022-09-15T03:27:43Z", 538 "nvd_published_at": "2022-09-05T10:15:00Z", 539 "severity": "MODERATE" 540 }, 541 "details": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", 542 "id": "GHSA-c4r9-r8fh-9vj2", 543 "modified": "2024-03-15T12:49:34.373482Z", 544 "published": "2022-09-06T00:00:27Z", 545 "references": [ 546 { 547 "type": "ADVISORY", 548 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" 549 }, 550 { 551 "type": "WEB", 552 "url": "https://arxiv.org/pdf/2306.05534.pdf" 553 }, 554 { 555 "type": "PACKAGE", 556 "url": "https://bitbucket.org/snakeyaml/snakeyaml" 557 }, 558 { 559 "type": "WEB", 560 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open" 561 }, 562 { 563 "type": "WEB", 564 "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024" 565 }, 566 { 567 "type": "WEB", 568 "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" 569 }, 570 { 571 "type": "WEB", 572 "url": "https://security.gentoo.org/glsa/202305-28" 573 }, 574 { 575 "type": "WEB", 576 "url": "https://security.netapp.com/advisory/ntap-20240315-0010" 577 } 578 ], 579 "schema_version": "1.6.0", 580 "severity": [ 581 { 582 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 583 "type": "CVSS_V3" 584 } 585 ], 586 "summary": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write" 587 }, 588 { 589 "affected": [ 590 { 591 "database_specific": { 592 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-hhhw-99gj-p3c3/GHSA-hhhw-99gj-p3c3.json" 593 }, 594 "package": { 595 "ecosystem": "Maven", 596 "name": "org.yaml:snakeyaml", 597 "purl": "pkg:maven/org.yaml/snakeyaml" 598 }, 599 "ranges": [ 600 { 601 "events": [ 
602 { 603 "introduced": "0" 604 }, 605 { 606 "fixed": "1.31" 607 } 608 ], 609 "type": "ECOSYSTEM" 610 } 611 ], 612 "versions": [ 613 "1.10", 614 "1.11", 615 "1.12", 616 "1.13", 617 "1.14", 618 "1.15", 619 "1.16", 620 "1.17", 621 "1.18", 622 "1.19", 623 "1.20", 624 "1.21", 625 "1.22", 626 "1.23", 627 "1.24", 628 "1.25", 629 "1.26", 630 "1.27", 631 "1.28", 632 "1.29", 633 "1.30", 634 "1.4", 635 "1.5", 636 "1.6", 637 "1.7", 638 "1.8", 639 "1.9" 640 ] 641 } 642 ], 643 "aliases": [ 644 "CVE-2022-38750" 645 ], 646 "database_specific": { 647 "cwe_ids": [ 648 "CWE-121", 649 "CWE-787" 650 ], 651 "github_reviewed": true, 652 "github_reviewed_at": "2022-09-16T21:17:07Z", 653 "nvd_published_at": "2022-09-05T10:15:00Z", 654 "severity": "MODERATE" 655 }, 656 "details": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", 657 "id": "GHSA-hhhw-99gj-p3c3", 658 "modified": "2024-03-15T12:49:06.729862Z", 659 "published": "2022-09-06T00:00:27Z", 660 "references": [ 661 { 662 "type": "ADVISORY", 663 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" 664 }, 665 { 666 "type": "PACKAGE", 667 "url": "https://bitbucket.org/snakeyaml/snakeyaml" 668 }, 669 { 670 "type": "WEB", 671 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027" 672 }, 673 { 674 "type": "WEB", 675 "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027" 676 }, 677 { 678 "type": "WEB", 679 "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html" 680 }, 681 { 682 "type": "WEB", 683 "url": "https://security.gentoo.org/glsa/202305-28" 684 }, 685 { 686 "type": "WEB", 687 "url": "https://security.netapp.com/advisory/ntap-20240315-0010" 688 } 689 ], 690 "schema_version": "1.6.0", 691 "severity": [ 692 { 693 "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 694 "type": 
"CVSS_V3" 695 } 696 ], 697 "summary": "snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write" 698 }, 699 { 700 "affected": [ 701 { 702 "database_specific": { 703 "last_known_affected_version_range": "\u003c= 1.33", 704 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-mjmj-j48q-9wg2/GHSA-mjmj-j48q-9wg2.json" 705 }, 706 "package": { 707 "ecosystem": "Maven", 708 "name": "org.yaml:snakeyaml", 709 "purl": "pkg:maven/org.yaml/snakeyaml" 710 }, 711 "ranges": [ 712 { 713 "events": [ 714 { 715 "introduced": "0" 716 }, 717 { 718 "fixed": "2.0" 719 } 720 ], 721 "type": "ECOSYSTEM" 722 } 723 ], 724 "versions": [ 725 "1.10", 726 "1.11", 727 "1.12", 728 "1.13", 729 "1.14", 730 "1.15", 731 "1.16", 732 "1.17", 733 "1.18", 734 "1.19", 735 "1.20", 736 "1.21", 737 "1.22", 738 "1.23", 739 "1.24", 740 "1.25", 741 "1.26", 742 "1.27", 743 "1.28", 744 "1.29", 745 "1.30", 746 "1.31", 747 "1.32", 748 "1.33", 749 "1.4", 750 "1.5", 751 "1.6", 752 "1.7", 753 "1.8", 754 "1.9" 755 ] 756 } 757 ], 758 "aliases": [ 759 "CVE-2022-1471" 760 ], 761 "database_specific": { 762 "cwe_ids": [ 763 "CWE-20", 764 "CWE-502" 765 ], 766 "github_reviewed": true, 767 "github_reviewed_at": "2022-12-12T21:19:47Z", 768 "nvd_published_at": "2022-12-01T11:15:00Z", 769 "severity": "HIGH" 770 }, 771 "details": "### Summary\nSnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type to be deserialized given the following line:\n\nnew Yaml(new Constructor(TestDataClass.class)).load(yamlContent);\n\nTypes do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized.\n\n### Severity\nHigh, lack of type checks during deserialization allows remote code execution.\n\n### Proof of Concept\nExecute `bash run.sh`. The PoC uses Constructor to deserialize a payload\nfor RCE.
RCE is demonstrated by using a payload which performs a http request to\nhttp://127.0.0.1:8000.\n\nExample output of successful run of proof of concept:\n\n```\n$ bash run.sh\n\n[+] Downloading snakeyaml if needed\n[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE\nnc: no process found\n[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.\n[+] An exception is expected.\nException:\nCannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0\n in 'string', line 1, column 1:\n payload: !!javax.script.ScriptEn ... \n ^\nCan not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n in 'string', line 1, column 10:\n payload: !!javax.script.ScriptEngineManag ... \n ^\n\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)\n\tat org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)\n\tat org.yaml.snakeyaml.Yaml.load(Yaml.java:416)\n\tat Main.main(Main.java:37)\nCaused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)\n\tat 
java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)\n\tat java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)\n\tat java.base/java.lang.reflect.Field.set(Field.java:780)\n\tat org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)\n\t... 9 more\n[+] Dumping Received HTTP Request. Will not be empty if PoC worked\nGET /proof-of-concept HTTP/1.1\nUser-Agent: Java/11.0.14\nHost: localhost:8000\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\nConnection: keep-alive\n```\n\n### Further Analysis\nPotential mitigations include leveraging SnakeYaml's SafeConstructor while parsing untrusted content.\n\nSee https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.\n\nA fix was released in version 2.0.
See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information.\n\n### Timeline\n**Date reported**: 4/11/2022\n**Date fixed**: \n**Date disclosed**: 10/13/2022", 772 "id": "GHSA-mjmj-j48q-9wg2", 773 "modified": "2024-06-25T02:34:35.984825Z", 774 "published": "2022-12-12T21:19:47Z", 775 "references": [ 776 { 777 "type": "WEB", 778 "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" 779 }, 780 { 781 "type": "ADVISORY", 782 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" 783 }, 784 { 785 "type": "PACKAGE", 786 "url": "https://bitbucket.org/snakeyaml/snakeyaml" 787 }, 788 { 789 "type": "WEB", 790 "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758" 791 }, 792 { 793 "type": "WEB", 794 "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4" 795 }, 796 { 797 "type": "WEB", 798 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479" 799 }, 800 { 801 "type": "WEB", 802 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374" 803 }, 804 { 805 "type": "WEB", 806 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314" 807 }, 808 { 809 "type": "WEB", 810 "url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471" 811 }, 812 { 813 "type": "WEB", 814 "url": "https://github.com/mbechler/marshalsec" 815 }, 816 { 817 "type": "WEB", 818 "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc" 819 }, 820 { 821 "type": "WEB", 822 "url": "https://security.netapp.com/advisory/ntap-20230818-0015" 823 }, 824 { 825 "type": "WEB", 826 "url": "https://security.netapp.com/advisory/ntap-20240621-0006" 827 }, 828 { 829 "type": "WEB", 830 "url": 
"https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471" 831 }, 832 { 833 "type": "WEB", 834 "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" 835 }, 836 { 837 "type": "WEB", 838 "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html" 839 }, 840 { 841 "type": "WEB", 842 "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1" 843 } 844 ], 845 "related": [ 846 "CGA-7w78-ggr5-pfxv", 847 "CGA-g9mf-8vr4-m7x9", 848 "CGA-p6jg-fjvm-fx3w", 849 "CGA-r36x-jx84-2cgp" 850 ], 851 "schema_version": "1.6.0", 852 "severity": [ 853 { 854 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", 855 "type": "CVSS_V3" 856 } 857 ], 858 "summary": "SnakeYaml Constructor Deserialization Remote Code Execution" 859 }, 860 { 861 "affected": [ 862 { 863 "database_specific": { 864 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-rvwf-54qp-4r6v/GHSA-rvwf-54qp-4r6v.json" 865 }, 866 "package": { 867 "ecosystem": "Maven", 868 "name": "org.yaml:snakeyaml", 869 "purl": "pkg:maven/org.yaml/snakeyaml" 870 }, 871 "ranges": [ 872 { 873 "events": [ 874 { 875 "introduced": "0" 876 }, 877 { 878 "fixed": "1.26" 879 } 880 ], 881 "type": "ECOSYSTEM" 882 } 883 ], 884 "versions": [ 885 "1.10", 886 "1.11", 887 "1.12", 888 "1.13", 889 "1.14", 890 "1.15", 891 "1.16", 892 "1.17", 893 "1.18", 894 "1.19", 895 "1.20", 896 "1.21", 897 "1.22", 898 "1.23", 899 "1.24", 900 "1.25", 901 "1.4", 902 "1.5", 903 "1.6", 904 "1.7", 905 "1.8", 906 "1.9" 907 ] 908 } 909 ], 910 "aliases": [ 911 "CVE-2017-18640" 912 ], 913 "database_specific": { 914 "cwe_ids": [ 915 "CWE-776" 916 ], 917 "github_reviewed": true, 918 "github_reviewed_at": "2021-06-04T21:34:16Z", 919 "nvd_published_at": "2019-12-12T03:15:00Z", 920 "severity": "HIGH" 921 }, 922 "details": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a 
related issue to CVE-2003-1564.", 923 "id": "GHSA-rvwf-54qp-4r6v", 924 "modified": "2024-03-15T05:36:20.53964Z", 925 "published": "2021-06-04T21:37:45Z", 926 "references": [ 927 { 928 "type": "ADVISORY", 929 "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640" 930 }, 931 { 932 "type": "WEB", 933 "url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E" 934 }, 935 { 936 "type": "WEB", 937 "url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948@%3Ccommits.cassandra.apache.org%3E" 938 }, 939 { 940 "type": "WEB", 941 "url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea@%3Ccommits.cassandra.apache.org%3E" 942 }, 943 { 944 "type": "WEB", 945 "url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0@%3Cdev.atlas.apache.org%3E" 946 }, 947 { 948 "type": "WEB", 949 "url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c@%3Ccommits.cassandra.apache.org%3E" 950 }, 951 { 952 "type": "WEB", 953 "url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d@%3Ccommon-dev.hadoop.apache.org%3E" 954 }, 955 { 956 "type": "WEB", 957 "url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2@%3Cpr.cassandra.apache.org%3E" 958 }, 959 { 960 "type": "WEB", 961 "url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e@%3Ccommon-issues.hadoop.apache.org%3E" 962 }, 963 { 964 "type": "WEB", 965 "url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95@%3Ccommits.servicecomb.apache.org%3E" 966 }, 967 { 968 "type": "WEB", 969 "url": 
"https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a@%3Ccommits.pulsar.apache.org%3E" 970 }, 971 { 972 "type": "WEB", 973 "url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524@%3Ccommon-issues.hadoop.apache.org%3E" 974 }, 975 { 976 "type": "WEB", 977 "url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E" 978 }, 979 { 980 "type": "WEB", 981 "url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E" 982 }, 983 { 984 "type": "WEB", 985 "url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6@%3Cdev.atlas.apache.org%3E" 986 }, 987 { 988 "type": "WEB", 989 "url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da@%3Ccommits.pulsar.apache.org%3E" 990 }, 991 { 992 "type": "PACKAGE", 993 "url": "https://bitbucket.org/asomov/snakeyaml" 994 }, 995 { 996 "type": "WEB", 997 "url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596@%3Ccommon-issues.hadoop.apache.org%3E" 998 }, 999 { 1000 "type": "WEB", 1001 "url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a@%3Ccommits.atlas.apache.org%3E" 1002 }, 1003 { 1004 "type": "WEB", 1005 "url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e@%3Ccommits.cassandra.apache.org%3E" 1006 }, 1007 { 1008 "type": "WEB", 1009 "url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E" 1010 }, 1011 { 1012 "type": "WEB", 1013 "url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722@%3Cdev.atlas.apache.org%3E" 1014 }, 1015 { 1016 "type": "WEB", 
1017 "url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd@%3Cdev.atlas.apache.org%3E" 1018 }, 1019 { 1020 "type": "WEB", 1021 "url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e@%3Ccommits.cassandra.apache.org%3E" 1022 }, 1023 { 1024 "type": "WEB", 1025 "url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d@%3Ccommits.cassandra.apache.org%3E" 1026 }, 1027 { 1028 "type": "WEB", 1029 "url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7@%3Ccommits.cassandra.apache.org%3E" 1030 }, 1031 { 1032 "type": "WEB", 1033 "url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E" 1034 }, 1035 { 1036 "type": "WEB", 1037 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA" 1038 }, 1039 { 1040 "type": "WEB", 1041 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6" 1042 }, 1043 { 1044 "type": "WEB", 1045 "url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages" 1046 }, 1047 { 1048 "type": "WEB", 1049 "url": "https://security.gentoo.org/glsa/202305-28" 1050 }, 1051 { 1052 "type": "WEB", 1053 "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" 1054 }, 1055 { 1056 "type": "WEB", 1057 "url": "https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c" 1058 }, 1059 { 1060 "type": "WEB", 1061 "url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion" 1062 }, 1063 { 1064 "type": "WEB", 1065 "url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack" 1066 }, 1067 { 1068 "type": "WEB", 1069 "url": 
"https://bitbucket.org/asomov/snakeyaml/wiki/Changes" 1070 }, 1071 { 1072 "type": "WEB", 1073 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377" 1074 }, 1075 { 1076 "type": "WEB", 1077 "url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes" 1078 }, 1079 { 1080 "type": "WEB", 1081 "url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E" 1082 }, 1083 { 1084 "type": "WEB", 1085 "url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E" 1086 }, 1087 { 1088 "type": "WEB", 1089 "url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E" 1090 }, 1091 { 1092 "type": "WEB", 1093 "url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E" 1094 }, 1095 { 1096 "type": "WEB", 1097 "url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E" 1098 }, 1099 { 1100 "type": "WEB", 1101 "url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E" 1102 }, 1103 { 1104 "type": "WEB", 1105 "url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E" 1106 }, 1107 { 1108 "type": "WEB", 1109 "url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E" 1110 }, 1111 { 1112 "type": "WEB", 1113 "url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E" 1114 }, 1115 { 1116 "type": "WEB", 1117 "url": 
"https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E" 1118 }, 1119 { 1120 "type": "WEB", 1121 "url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f@%3Ccommon-issues.hadoop.apache.org%3E" 1122 }, 1123 { 1124 "type": "WEB", 1125 "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E" 1126 }, 1127 { 1128 "type": "WEB", 1129 "url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0@%3Cdev.atlas.apache.org%3E" 1130 }, 1131 { 1132 "type": "WEB", 1133 "url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953@%3Cdev.atlas.apache.org%3E" 1134 }, 1135 { 1136 "type": "WEB", 1137 "url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854@%3Ccommits.pulsar.apache.org%3E" 1138 }, 1139 { 1140 "type": "WEB", 1141 "url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94@%3Cdev.atlas.apache.org%3E" 1142 }, 1143 { 1144 "type": "WEB", 1145 "url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E" 1146 }, 1147 { 1148 "type": "WEB", 1149 "url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E" 1150 }, 1151 { 1152 "type": "WEB", 1153 "url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E" 1154 }, 1155 { 1156 "type": "WEB", 1157 "url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a@%3Ccommon-issues.hadoop.apache.org%3E" 1158 }, 1159 { 1160 "type": "WEB", 1161 "url": 
"https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422@%3Cdev.atlas.apache.org%3E" 1162 }, 1163 { 1164 "type": "WEB", 1165 "url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533@%3Ccommits.cassandra.apache.org%3E" 1166 }, 1167 { 1168 "type": "WEB", 1169 "url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25@%3Ccommits.cassandra.apache.org%3E" 1170 }, 1171 { 1172 "type": "WEB", 1173 "url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda@%3Ccommon-issues.hadoop.apache.org%3E" 1174 }, 1175 { 1176 "type": "WEB", 1177 "url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea@%3Ccommits.pulsar.apache.org%3E" 1178 } 1179 ], 1180 "schema_version": "1.6.0", 1181 "severity": [ 1182 { 1183 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 1184 "type": "CVSS_V3" 1185 } 1186 ], 1187 "summary": "SnakeYAML Entity Expansion during load operation" 1188 }, 1189 { 1190 "affected": [ 1191 { 1192 "database_specific": { 1193 "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-w37g-rhq8-7m4j/GHSA-w37g-rhq8-7m4j.json" 1194 }, 1195 "package": { 1196 "ecosystem": "Maven", 1197 "name": "org.yaml:snakeyaml", 1198 "purl": "pkg:maven/org.yaml/snakeyaml" 1199 }, 1200 "ranges": [ 1201 { 1202 "events": [ 1203 { 1204 "introduced": "0" 1205 }, 1206 { 1207 "fixed": "1.32" 1208 } 1209 ], 1210 "type": "ECOSYSTEM" 1211 } 1212 ], 1213 "versions": [ 1214 "1.10", 1215 "1.11", 1216 "1.12", 1217 "1.13", 1218 "1.14", 1219 "1.15", 1220 "1.16", 1221 "1.17", 1222 "1.18", 1223 "1.19", 1224 "1.20", 1225 "1.21", 1226 "1.22", 1227 "1.23", 1228 "1.24", 1229 "1.25", 1230 "1.26", 1231 "1.27", 1232 "1.28", 1233 "1.29", 1234 "1.30", 1235 "1.31", 1236 "1.4", 1237 "1.5", 1238 "1.6", 1239 "1.7", 1240 "1.8", 1241 "1.9" 1242 ] 1243 } 1244 ], 
1245 "aliases": [ 1246 "CVE-2022-41854" 1247 ], 1248 "database_specific": { 1249 "cwe_ids": [ 1250 "CWE-121", 1251 "CWE-787" 1252 ], 1253 "github_reviewed": true, 1254 "github_reviewed_at": "2022-11-21T22:27:27Z", 1255 "nvd_published_at": "2022-11-11T13:15:00Z", 1256 "severity": "MODERATE" 1257 }, 1258 "details": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", 1259 "id": "GHSA-w37g-rhq8-7m4j", 1260 "modified": "2024-06-25T02:34:20.451152Z", 1261 "published": "2022-11-11T19:00:31Z", 1262 "references": [ 1263 { 1264 "type": "ADVISORY", 1265 "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854" 1266 }, 1267 { 1268 "type": "PACKAGE", 1269 "url": "https://bitbucket.org/snakeyaml/snakeyaml" 1270 }, 1271 { 1272 "type": "WEB", 1273 "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a" 1274 }, 1275 { 1276 "type": "WEB", 1277 "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531" 1278 }, 1279 { 1280 "type": "WEB", 1281 "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355" 1282 }, 1283 { 1284 "type": "WEB", 1285 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE" 1286 }, 1287 { 1288 "type": "WEB", 1289 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR" 1290 }, 1291 { 1292 "type": "WEB", 1293 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J" 1294 }, 1295 { 1296 "type": "WEB", 1297 "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE" 1298 }, 1299 { 1300 "type": "WEB", 1301 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR" 1302 }, 1303 { 1304 "type": "WEB", 1305 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J" 1306 }, 1307 { 1308 "type": "WEB", 1309 "url": "https://security.netapp.com/advisory/ntap-20240315-0009" 1310 }, 1311 { 1312 "type": "WEB", 1313 "url": "https://security.netapp.com/advisory/ntap-20240621-0006" 1314 } 1315 ], 1316 "schema_version": "1.6.0", 1317 "severity": [ 1318 { 1319 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 1320 "type": "CVSS_V3" 1321 } 1322 ], 1323 "summary": "Snakeyaml vulnerable to Stack overflow leading to denial of service" 1324 } 1325 ] 1326 }