Apply template

XML

Word

Printable

Details

Type: Work Item
Status: Done
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: connectors/1.39.0, 8.0.1-R2022-11
Component/s: None
Labels:
- CN
- CVE
- CVE-2022-25857
- UA
- cve

Epic Link:
Security lib update
GreenHopper Ranking:
0|i2j1qz:
GreenHopper Ranking (Obsolete):
9223372036854775807

Description

Denial Of Service (DoS) in Talend/cloud-components (master)

Issue Details

Vulnerability: Denial Of Service (DoS)
Severity: Medium
Project: Talend/cloud-components
Branch: master
Scan Date: Unknown

Issue Description

snakeyaml is vulnerable to denial of service. The vulnerability exists because the `Composer` function of `Composer.java` does not properly restrict the nested depth limitation for collections, allowing an attacker to crash the application.

View more details

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

CVE-2022-25857_cloud_components.png
260 kB
21/Nov/22 9:56 AM
CVE-2022-25857_connector_ee.png
254 kB
21/Nov/22 9:55 AM

Activity

People

Assignee:: pierre teyssier

Reporter:: Wei Wang

Fixed by:: Dmytro Grygorenko (Inactive), qiyan liu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 29/Nov/2022

Created:: 05/Sep/22 3:35 AM

Updated:: 29/Dec/22 3:51 AM

Resolved:: 23/Nov/22 11:11 AM

Time Tracking

Estimated:

Remaining:

Logged: