Security
Headlines

Headlines Latest CVEs

Headline

GHSA-vj49-j7rc-h54f: Esoteric YamlBeans XML Entity Expansion vulnerability

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

1 year ago

#vulnerability #git #java #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2023-24620

Esoteric YamlBeans XML Entity Expansion vulnerability

Moderate severity GitHub Reviewed Published Aug 25, 2023 to the GitHub Advisory Database • Updated Aug 25, 2023

Package

maven com.esotericsoftware.yamlbeans:yamlbeans (Maven)

Affected versions

<= 1.15

Published to the GitHub Advisory Database

Aug 25, 2023

Last updated

Aug 25, 2023

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

1 day ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

1 day ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

1 day ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

2 days ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

2 days ago