Closed by github-actions[bot] 1 year ago
org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.
Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing crafted untrusted YAML files, which can lead to a denial-of-service.
Upgrade org.yaml:snakeyaml to version 1.31 or higher.