
org.yaml:snakeyaml versions from 0 and before 1.31 are vulnerable to Denial of Service


Article ID: 255245


Products

CA Application Performance Management SaaS

Issue/Introduction

Versions of the package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

Environment

Release : SAAS

Resolution

The vulnerability is fixed in the 2022.11 Agents, which are now GA.
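
To confirm which snakeyaml version an agent or application actually ships, the following added example (not from the original article or the vendor) scans Java archives, including archives bundled inside them, for the library's Maven metadata and flags versions in the affected range. It assumes the jar keeps its standard `META-INF/maven/org.yaml/snakeyaml/pom.properties` entry, so relocated or stripped copies will not be found; the function names are illustrative.

```python
import io
import os
import re
import zipfile

FIXED = (1, 31)  # first release outside the affected range "from 0 and before 1.31"
POM = "META-INF/maven/org.yaml/snakeyaml/pom.properties"  # standard Maven metadata entry
ARCHIVES = (".jar", ".war", ".ear")


def is_affected(version):
    """True when the leading numeric part of version is below 1.31."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    return bool(m) and tuple(int(p) for p in m.group().split(".")) < FIXED


def scan_archive(data, label, max_nesting=3):
    """Return (location, version, affected) for each snakeyaml copy in a jar."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            if info.filename == POM:
                props = zf.read(info).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    ver = m.group(1).strip()
                    findings.append((label, ver, is_affected(ver)))
            elif max_nesting > 0 and info.filename.lower().endswith(ARCHIVES):
                # Bundled archive (fat jar, war): recurse with a bounded depth.
                inner = f"{label}!/{info.filename}"
                findings += scan_archive(zf.read(info), inner, max_nesting - 1)
    return findings


def scan_tree(root):
    """Walk root and scan every Java archive found under it."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVES):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    findings += scan_archive(fh.read(), path)
    return findings
```

Call `scan_tree()` with the agent installation directory; any tuple whose last element is `True` is a snakeyaml copy older than 1.31.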