Описание
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.26 (исключая)
cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Конфигурация 3Версия до 1.3.4 (включая)
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Конфигурация 4
Одно из
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02166
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-776
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 6 лет назад
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVSS3: 7.6
redhat
около 6 лет назад
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVSS3: 7.5
msrc
2 месяца назад
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVSS3: 7.5
debian
около 6 лет назад
The Alias feature in SnakeYAML before 1.26 allows entity expansion dur ...
EPSS
Процентиль: 84%
0.02166
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-776