Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.testifyproject.external/external-snakeyaml@1.0.0
Type maven
Namespace org.testifyproject.external
Name external-snakeyaml
Version 1.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-6354-p39b-zbhp
vulnerability_id VCID-6354-p39b-zbhp
summary
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38749.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38749.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38749
reference_id
reference_type
scores
0
value 0.00533
scoring_system epss
scoring_elements 0.67405
published_at 2026-04-21T12:55:00Z
1
value 0.00533
scoring_system epss
scoring_elements 0.67428
published_at 2026-04-18T12:55:00Z
2
value 0.00533
scoring_system epss
scoring_elements 0.67415
published_at 2026-04-16T12:55:00Z
3
value 0.00533
scoring_system epss
scoring_elements 0.6738
published_at 2026-04-13T12:55:00Z
4
value 0.00533
scoring_system epss
scoring_elements 0.67414
published_at 2026-04-12T12:55:00Z
5
value 0.00533
scoring_system epss
scoring_elements 0.67426
published_at 2026-04-11T12:55:00Z
6
value 0.00533
scoring_system epss
scoring_elements 0.67406
published_at 2026-04-09T12:55:00Z
7
value 0.00533
scoring_system epss
scoring_elements 0.67392
published_at 2026-04-08T12:55:00Z
8
value 0.00533
scoring_system epss
scoring_elements 0.67364
published_at 2026-04-04T12:55:00Z
9
value 0.00533
scoring_system epss
scoring_elements 0.67341
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38749
2
reference_url https://arxiv.org/pdf/2306.05534.pdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://arxiv.org/pdf/2306.05534.pdf
3
reference_url https://bitbucket.org/snakeyaml/snakeyaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml
4
reference_url https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
5
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38749
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38749
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38749
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38749
10
reference_url https://security.gentoo.org/glsa/202305-28
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202305-28
11
reference_url https://security.netapp.com/advisory/ntap-20240315-0010
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240315-0010
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2129706
reference_id 2129706
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2129706
13
reference_url https://github.com/advisories/GHSA-c4r9-r8fh-9vj2
reference_id GHSA-c4r9-r8fh-9vj2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4r9-r8fh-9vj2
14
reference_url https://access.redhat.com/errata/RHSA-2022:6757
reference_id RHSA-2022:6757
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6757
15
reference_url https://access.redhat.com/errata/RHSA-2022:8524
reference_id RHSA-2022:8524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8524
16
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
17
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
18
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
19
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
20
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
21
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
22
reference_url https://usn.ubuntu.com/5944-1/
reference_id USN-5944-1
reference_type
scores
url https://usn.ubuntu.com/5944-1/
fixed_packages
aliases CVE-2022-38749, GHSA-c4r9-r8fh-9vj2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6354-p39b-zbhp
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.testifyproject.external/external-snakeyaml@1.0.0