OESA-2023-1503

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1503

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1503.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1503

Upstream

CVE-2022-41854

Published

2023-08-12T11:05:41Z

Modified

2025-08-12T05:15:18.353503Z

Summary

snakeyaml security update

Details

SnakeYAML is a YAML parser and emitter for the Java Virtual Machine. YAML is a data serialization format designed for human readability and interaction with scripting languages.

Security Fix(es):

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.(CVE-2022-41854)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS / snakeyaml

Package

Name: snakeyaml
Purl: pkg:rpm/openEuler/snakeyaml&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.32-1.oe2203

Ecosystem specific

{
    "noarch": [
        "snakeyaml-1.32-1.oe2203.noarch.rpm",
        "snakeyaml-javadoc-1.32-1.oe2203.noarch.rpm"
    ],
    "src": [
        "snakeyaml-1.32-1.oe2203.src.rpm"
    ]
}