CVE-2022-25857 - Denial of Service (DoS)

Severity: High

2023-01-06


Abstract

The package org.yaml:snakeyaml, from version 0 and before 1.31, is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

The Oxygen products incorporate SnakeYAML as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| Oxygen XML Author v24.1 and older | Low | Oxygen XML Author 24.1 build 2022092207 |
| Oxygen XML Developer v24.1 and older | Low | Oxygen XML Developer 24.1 build 2022092207 |
| Oxygen XML Editor v24.1 and older | Low | Oxygen XML Editor 24.1 build 2022092207 |
| Oxygen Content Fusion v5.0.1 and older | High | Oxygen Content Fusion 5.0.2 build 2022121305 |
| Oxygen Publishing Engine v24.1 and older | Low | Oxygen Publishing Engine 24.1 build 2022092200 |

Mitigation

None

Detail

CVE-2022-25857

Severity: High

CVSS Score: 7.5

The version of the SnakeYAML third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2022-25857 vulnerability description.
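
To check which SnakeYAML version an installation actually bundles, the following added example (not code from Oxygen or from the SnakeYAML project) scans a directory tree for jars and flags any copy inside the affected range "from 0 and before 1.31". It assumes each jar still carries the standard Maven descriptor `META-INF/maven/org.yaml/snakeyaml/pom.properties`; a copy whose descriptor was stripped is not detected.

```python
import re
import sys
import zipfile
from pathlib import Path

# Assumption: the jar keeps the standard Maven descriptor, which identifies
# SnakeYAML even when the jar was renamed or merged into a larger archive.
POM_SUFFIX = "META-INF/maven/org.yaml/snakeyaml/pom.properties"
FIRST_UNAFFECTED = (1, 31)  # the advisory's range is "from 0 and before 1.31"


def parse_version(text):
    """Return the leading numeric part of a version as a tuple, e.g. '1.30' -> (1, 30)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def is_affected(version):
    """Compare numerically, so that 1.4 sorts before 1.31 (a string compare would not)."""
    v = parse_version(version)
    return v is not None and v < FIRST_UNAFFECTED


def snakeyaml_version(jar_path):
    """Read the bundled SnakeYAML version from a jar; None if absent or unreadable."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            for name in jar.namelist():
                if name.endswith(POM_SUFFIX):
                    props = jar.read(name).decode("utf-8", "replace")
                    m = re.search(r"^version=(.+)$", props, re.MULTILINE)
                    return m.group(1).strip() if m else None
    except (zipfile.BadZipFile, OSError):
        return None
    return None


def scan(root):
    """Yield (jar path, version, affected) for every jar under root that bundles SnakeYAML."""
    for jar_path in sorted(Path(root).rglob("*.jar")):
        version = snakeyaml_version(jar_path)
        if version is not None:
            yield jar_path, version, is_affected(version)


if __name__ == "__main__":
    for path, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':8}  snakeyaml {version}  {path}")
```

Run it with the installation directory as the only argument; with no argument it scans the current directory.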
