GHSA-vj49-j7rc-h54f: Esoteric YamlBeans XML Entity Expansion vulnerability

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against the YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

CVE-2023-24620


Moderate severity GitHub Reviewed Published Aug 25, 2023 to the GitHub Advisory Database • Updated Aug 25, 2023

Package: maven com.esotericsoftware.yamlbeans:yamlbeans (Maven)

Affected versions: <= 1.15

Published to the GitHub Advisory Database: Aug 25, 2023

Last updated: Aug 25, 2023
