Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
References
Link | Resource |
---|---|
https://tanzu.vmware.com/security/cve-2022-31691 | Vendor Advisory |
https://tanzu.vmware.com/security/cve-2022-31691 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://tanzu.vmware.com/security/cve-2022-31691 - Vendor Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://tanzu.vmware.com/security/cve-2022-31691 - Vendor Advisory | |
CPE | cpe:2.3:a:vmware:concourse_ci_pipeline_editor:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:spring_tools:*:*:*:*:*:eclipse:*:* cpe:2.3:a:vmware:cloudfoundry_manifest_yml_support:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:bosh_editor:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:spring_boot_tools:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
04 Nov 2022, 19:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-04 19:15
Updated : 2024-11-21 07:05
NVD link : CVE-2022-31691
Mitre link : CVE-2022-31691
CVE.ORG link : CVE-2022-31691
JSON object : View
Products Affected
vmware
- spring_boot_tools
- bosh_editor
- cloudfoundry_manifest_yml_support
- concourse_ci_pipeline_editor
- spring_tools
CWE