CVEs-PoC/2022/CVE-2022-25857.md at 8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-12 21:42:20 +02:00

Files

T

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

1.2 KiB

Raw Blame History

CVE-2022-25857

Description

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

POC

Reference

https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174
https://bitbucket.org/snakeyaml/snakeyaml/issues/525

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
https://github.com/NicheToolkit/rest-toolkit
https://github.com/danielps99/startquarkus
https://github.com/fernandoreb/dependency-check-springboot
https://github.com/mosaic-hgw/WildFly
https://github.com/scordero1234/java_sec_demo-main
https://github.com/sr-monika/sprint-rest
https://github.com/srchen1987/springcloud-distributed-transaction

1.2 KiB Raw Blame History

CVE-2022-25857

Description

POC

Reference

Github

1.2 KiB

Raw Blame History