Information on source package snakeyaml

Available versions

ReleaseVersion
buster1.23-1
buster (security)1.23-1+deb10u1
bullseye1.28-1+deb11u2
bookworm1.33-2
trixie1.33-2
sid1.33-2

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2017-18640vulnerable (no DSA)fixedfixedfixedfixedThe Alias feature in SnakeYAML before 1.26 allows entity expansion dur ...

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2022-41854fixedvulnerablefixedfixedfixedThose using Snakeyaml to parse untrusted YAML files may be vulnerable ...
CVE-2022-38752vulnerablevulnerablefixedfixedfixedUsing snakeYAML to parse untrusted YAML files may be vulnerable to Den ...
CVE-2022-1471vulnerablevulnerablevulnerablevulnerablevulnerableSnakeYaml's Constructor() class does not restrict types which can be i ...

Resolved issues

BugDescription
CVE-2022-38751Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...
CVE-2022-38750Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...
CVE-2022-38749Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...
CVE-2022-25857The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ...

Security announcements

DSA / DLADescription
DLA-3132-1snakeyaml - security update

Search for package or bug name: Reporting problems