Количество 2
Количество 2
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.
GHSA-vj49-j7rc-h54f
Esoteric YamlBeans XML Entity Expansion vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-24620 An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception. | CVSS3: 5.5 | 0% Низкий | больше 2 лет назад |
| GHSA-vj49-j7rc-h54f Esoteric YamlBeans XML Entity Expansion vulnerability | CVSS3: 5.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу