CVE-2017-18640

Опубликовано: 12 дек. 2019

Источник: debian

EPSS Низкий

Описание

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Пакет	Статус	Версия исправления	Релиз	Тип
snakeyaml	fixed	1.25+ds-3		package
snakeyaml	no-dsa		buster	package
snakeyaml	no-dsa		stretch	package
snakeyaml	no-dsa		jessie	package

https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
Patch to introduce a configuration option to restrict aliases for
collections:
https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c

EPSS

Процентиль: 84%

0.02166

Низкий

CVE-2017-18640

CVSS3: 7.5

ubuntu

около 6 лет назад

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVE-2017-18640

CVSS3: 7.6

redhat

около 6 лет назад

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVE-2017-18640

CVSS3: 7.5

nvd

около 6 лет назад

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVE-2017-18640

CVSS3: 7.5

msrc

2 месяца назад

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

openSUSE-SU-2021:1876-1

suse-cvrf

больше 4 лет назад

Security update for snakeyaml

EPSS

Процентиль: 84%

0.02166

Низкий