The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libyaml-snake-java-doc": "1.12-2ubuntu0.14.04.1~esm1", "libyaml-snake-java": "1.12-2ubuntu0.14.04.1~esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libyaml-snake-java-doc": "1.12-2ubuntu0.16.04.1~esm1", "libyaml-snake-java": "1.12-2ubuntu0.16.04.1~esm1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libyaml-snake-java-doc": "1.23-1+deb10u1build0.18.04.1", "libyaml-snake-java": "1.23-1+deb10u1build0.18.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libyaml-snake-java-doc": "1.25+ds-2ubuntu0.1", "libyaml-snake-java": "1.25+ds-2ubuntu0.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libyaml-snake-java-doc": "1.29-1ubuntu0.22.04.1", "libyaml-snake-java": "1.29-1ubuntu0.22.04.1" } ] }