Sign In

CVE-2022-25857

ADVISORY - github

Summary

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

EPSS Score: 0.0028 (0.511)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADVISORY - github

CWE-400

Uncontrolled Resource Consumption

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-400

Uncontrolled Resource Consumption

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2022-25857
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-776

CVSS SCORE

7.5high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-3mc7-4q67-w48m
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-400CWE-776

CVSS SCORE

7.5high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2022-25857
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2022-25857
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2022-25857

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-776CWE-937

CVSS SCORE

7.5high

Alma

CREATED

UPDATED

ADVISORY IDALSA-2022:6820
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2023-1976
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2022-25857
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-400

CVSS SCORE

7.5high

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2022:6820
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2023:2097
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2022-6820
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-4v88-fh58-2mpr

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-8mhp-9r8c-whw4

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-fg3f-7mvr-6xjj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-v8c3-wc4q-hfmx

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-w753-xwwq-8ch4

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2022-25857
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY