It was discovered that SnakeYAML did not limit the maximum nesting depth
of collections when parsing YAML data. If a user or automated system were
tricked into opening a specially crafted YAML file, an attacker could
possibly use this issue to cause applications using SnakeYAML to crash,
resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749,
CVE-2022-38750)

It was discovered that SnakeYAML did not limit the maximum amount of data
matched against regular expressions when parsing YAML data. If a user or
automated system were tricked into opening a specially crafted YAML file,
an attacker could possibly use this issue to cause applications using
SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751)
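
An application-side check to go with the issues described above, as an added example that is not part of the advisory or of SnakeYAML itself: it sets explicit parser limits through LoaderOptions and turns an over-limit document into a handled rejection. It assumes SnakeYAML 1.32 or later and Java 11 or later; the class name, method names and limit values are hypothetical.

```java
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.representer.Representer;

public class BoundedYamlLoader {
    // Hypothetical limits: size them to the largest legitimate document you expect.
    static final int MAX_DEPTH = 50;                // nested collections
    static final int MAX_CODE_POINTS = 1024 * 1024; // total input size
    static final int MAX_ALIASES = 50;              // aliases to collections

    static Yaml boundedYaml() {
        LoaderOptions opts = new LoaderOptions();
        opts.setNestingDepthLimit(MAX_DEPTH);
        opts.setCodePointLimit(MAX_CODE_POINTS);
        opts.setMaxAliasesForCollections(MAX_ALIASES);
        opts.setAllowRecursiveKeys(false);
        DumperOptions dump = new DumperOptions();
        // Pass the same options to the constructor and to Yaml so both stages use them.
        return new Yaml(new SafeConstructor(opts), new Representer(dump), dump, opts);
    }

    /** Parses untrusted text; a document over any limit is rejected, not parsed. */
    static Object loadUntrusted(String text) {
        try {
            return boundedYaml().load(text);
        } catch (YAMLException e) {
            throw new IllegalArgumentException("YAML rejected: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        // Constructed samples: an ordinary document and one nested past MAX_DEPTH.
        String ordinary = "servers:\n  - name: a\n    ports: [80, 443]\n";
        String tooDeep = "[".repeat(100) + "]".repeat(100);

        System.out.println("parsed: " + loadUntrusted(ordinary));
        try {
            loadUntrusted(tooDeep);
            System.out.println("unexpected: deep document was accepted");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Logging each rejection together with the source of the document gives operations a signal that oversized or deeply nested YAML is being submitted.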