You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Yugandher reddy vonteddu (Jira)" <ji...@apache.org> on 2022/09/12 07:12:00 UTC
[jira] [Updated] (TOMEE-4041) 4 CVE Vulnerabilities in snakeyaml-1.30.jar
[ https://issues.apache.org/jira/browse/TOMEE-4041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yugandher reddy vonteddu updated TOMEE-4041:
--------------------------------------------
Description:
There are 4 new CVE variabilities in snakeyaml-1.30.jar vulnerable to Denial of Service attacks (DOS)
[CVE-2022-25857|https://nvd.nist.gov/vuln/detail/CVE-2022-25857]
[CVE-2022-38749|https://nvd.nist.gov/vuln/detail/CVE-2022-38749]
[CVE-2022-38750|https://nvd.nist.gov/vuln/detail/CVE-2022-38750]
[CVE-2022-38751|https://nvd.nist.gov/vuln/detail/CVE-2022-38751]
was:
There are 4 new CVE variabilities in snakeyaml-1.30.jar
[CVE-2022-25857|https://nvd.nist.gov/vuln/detail/CVE-2022-25857]
[CVE-2022-38749|https://nvd.nist.gov/vuln/detail/CVE-2022-38749]
[CVE-2022-38750|https://nvd.nist.gov/vuln/detail/CVE-2022-38750]
[CVE-2022-38751|https://nvd.nist.gov/vuln/detail/CVE-2022-38751]
> 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> --------------------------------------------
>
> Key: TOMEE-4041
> URL: https://issues.apache.org/jira/browse/TOMEE-4041
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 8.0.12
> Reporter: Yugandher reddy vonteddu
> Priority: Major
> Labels: CVE
>
> There are 4 new CVE variabilities in snakeyaml-1.30.jar vulnerable to Denial of Service attacks (DOS)
> [CVE-2022-25857|https://nvd.nist.gov/vuln/detail/CVE-2022-25857]
> [CVE-2022-38749|https://nvd.nist.gov/vuln/detail/CVE-2022-38749]
> [CVE-2022-38750|https://nvd.nist.gov/vuln/detail/CVE-2022-38750]
> [CVE-2022-38751|https://nvd.nist.gov/vuln/detail/CVE-2022-38751]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)