Affected versions of this package are vulnerable to Stack-based Buffer Overflow in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject when parsing crafted untrusted YAML files, which can lead to a denial-of-service.
Remediation
Upgrade org.yaml:snakeyaml to version 1.31 or higher.
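To confirm the upgrade has taken effect, including for copies pulled in transitively, the following added example (not part of the original advisory) scans the text output of `mvn dependency:tree` for `org.yaml:snakeyaml` below 1.31. The sample tree and the function names are constructed for illustration, and ignoring version qualifiers such as `-SNAPSHOT` is a simplifying assumption.

```python
import re

FIXED = (1, 31)  # first fixed version according to this advisory
# Maven prints groupId:artifactId:type[:classifier]:version[:scope]
COORD = re.compile(r"org\.yaml:snakeyaml:[\w.\-:]+")
SCOPES = {"compile", "runtime", "test", "provided", "system", "import"}

# Constructed sample of `mvn dependency:tree` output (not from a real project).
SAMPLE_TREE = r"""
[INFO] com.example:demo:jar:0.0.1
[INFO] +- com.example:config-lib:jar:2.4.0:compile
[INFO] |  \- org.yaml:snakeyaml:jar:1.30:compile
[INFO] +- org.yaml:snakeyaml:jar:1.31:test
[INFO] \- org.yaml:snakeyaml:jar:android:1.23:runtime
"""


def parse_version(text):
    """Return the leading numeric components; qualifiers are ignored (assumption)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def is_affected(version):
    """True when the version is below 1.31 or cannot be parsed (manual review)."""
    parsed = parse_version(version)
    if parsed is None:
        return True
    width = max(len(parsed), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(parsed) < pad(FIXED)


def find_affected(tree_output):
    """Return (line number, version) for every affected snakeyaml entry."""
    findings = []
    for lineno, line in enumerate(tree_output.splitlines(), 1):
        m = COORD.search(line)
        if not m:
            continue
        fields = m.group(0).split(":")
        # The version is the last field unless a scope follows it.
        version = fields[-2] if fields[-1] in SCOPES else fields[-1]
        if is_affected(version):
            findings.append((lineno, version))
    return findings


if __name__ == "__main__":
    for lineno, version in find_affected(SAMPLE_TREE):
        print(f"line {lineno}: org.yaml:snakeyaml {version} is below 1.31")
```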
Overview
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.