Home > Vulnerability Database > CVE-2022-31691

Mend.io Vulnerability Database

CVE-2022-31691

Good to know:

Date: November 4, 2022

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.

Language: Java

Severity Score

9.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31691

Url: https://tanzu.vmware.com/security/cve-2022-31691

Url: https://www.mend.io/vulnerability-database/CVE-2022-31691

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version V_1.40.0,4.16.1.RELEASE

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31691

Good to know:

Date: November 4, 2022

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?