CVE-2022-25857 - Denial of Service (DoS)
Severity: High
2023-01-06
Abstract
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.
The Oxygen products incorporate SnakeYAML as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Author v24.1 and older | Low | Oxygen XML Author 24.1 build 2022092207 |
Oxygen XML Developer v24.1 and older | Low | Oxygen XML Developer 24.1 build 2022092207 |
Oxygen XML Editor v24.1 and older | Low | Oxygen XML Editor 24.1 build 2022092207 |
Oxygen Content Fusion v5.0.1 and older | High | Oxygen Content Fusion 5.0.2 build 2022121305 |
Oxygen Publishing Engine v24.1 and older | Low | Oxygen Publishing Engine 24.1 build 2022092200 |