GHSA-vj49-j7rc-h54f: Esoteric YamlBeans XML Entity Expansion vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against the YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing heavy CPU and memory consumption, up to a Java Out-of-Memory exception.
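The mitigation a consumer of untrusted YAML wants is a bound on the expanded size before the document reaches the parser. The following is an added example, not code from the advisory or from the YamlBeans project: it estimates, from the raw text alone, how many line-equivalents a document would occupy once every alias (`*name`) is replaced by a copy of its anchored block (`&name`), without ever building the expanded tree. It also reports a block that aliases an enclosing anchor as unbounded. The indentation-based block model, the `max_expansion` budget and the sample documents are all assumptions made for this example; the same logic, ported to Java, would sit in front of a call to YamlReader.

```python
import re
from typing import Dict, List, Optional, Tuple

# "&name" defines an anchor, "*name" is an alias that re-inserts the anchored
# node.  Quoted scalars that happen to contain these characters are over-counted,
# which errs towards rejecting (conservative for a pre-parse guard).
ANCHOR_RE = re.compile(r'&([\w.-]+)')
ALIAS_RE = re.compile(r'\*([\w.-]+)')


class ExpansionLimitExceeded(ValueError):
    """Raised when the estimated expanded size exceeds the configured budget."""


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(' '))


def estimate_expansion(yaml_text: str) -> float:
    """Estimate how many line-equivalents the document occupies once every
    alias is replaced by a copy of its anchored block, without building the
    expanded tree.  A block that aliases an enclosing anchor (a recursive
    structure) is reported as float('inf')."""
    lines = [ln.rstrip() for ln in yaml_text.splitlines()
             if ln.strip() and not ln.lstrip().startswith('#')]
    n = len(lines)
    # Anchor definitions in document order as (line index, name).
    anchors: List[Tuple[int, str]] = [(i, m.group(1))
                                      for i, ln in enumerate(lines)
                                      for m in ANCHOR_RE.finditer(ln)]
    weights: Dict[int, float] = {}   # anchor line -> expanded size of its block
    in_progress: set = set()          # anchors whose block is being measured

    def resolve(name: str, at_line: int) -> Optional[int]:
        # An alias refers to the most recent earlier anchor with that name.
        found = [i for i, nm in anchors if nm == name and i < at_line]
        return found[-1] if found else None

    def block_end(i: int) -> int:
        # Assumed block model: the anchored node is line i plus every
        # following line indented more deeply than line i.
        base = _indent(lines[i])
        j = i + 1
        while j < n and _indent(lines[j]) > base:
            j += 1
        return j

    def line_cost(k: int) -> float:
        cost = 1.0
        for name in ALIAS_RE.findall(lines[k]):
            target = resolve(name, k)
            # An unresolvable alias would be a parse error; cost it as one node.
            cost += anchor_weight(target) if target is not None else 1.0
        return cost

    def anchor_weight(i: int) -> float:
        if i in weights:
            return weights[i]
        if i in in_progress:
            return float('inf')   # alias to an anchor that encloses it
        in_progress.add(i)
        total = sum(line_cost(k) for k in range(i, block_end(i)))
        in_progress.discard(i)
        weights[i] = total
        return total

    return sum(line_cost(k) for k in range(n))


def check_yaml(yaml_text: str, max_expansion: float = 10_000) -> float:
    """Reject a document whose expanded size exceeds max_expansion; return the
    estimate otherwise.  The default budget is an assumed value, tune per service."""
    est = estimate_expansion(yaml_text)
    if est > max_expansion:
        raise ExpansionLimitExceeded(
            f"estimated expansion {est} exceeds budget {max_expansion}")
    return est


def within_budget(yaml_text: str, max_expansion: float = 10_000) -> bool:
    try:
        check_yaml(yaml_text, max_expansion)
        return True
    except ExpansionLimitExceeded:
        return False


# Constructed sample documents (not taken from the advisory).
BENIGN = """\
defaults: &defaults
  adapter: postgres
  pool: 5
development:
  <<: *defaults
  database: dev
"""

# Each level re-inserts the previous one three times: 4 lines of text
# expand to 58 line-equivalents, and every extra level triples that.
AMPLIFYING = """\
a: &a [x, x, x]
b: &b [*a, *a, *a]
c: &c [*b, *b, *b]
d: [*c, *c, *c]
"""

RECURSIVE = """\
node: &self
  child: *self
"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("amplifying", AMPLIFYING),
                       ("recursive", RECURSIVE)):
        print(label, estimate_expansion(doc), within_budget(doc, max_expansion=50))
```

The estimate is deliberately coarse (a flow sequence on one line counts as one node) but it grows geometrically with nesting depth exactly as the real expansion does, so a modest budget separates ordinary anchor reuse, such as the merge-key pattern in `BENIGN`, from documents whose only purpose is amplification.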
- CVE-2023-24620
Moderate severity GitHub Reviewed Published Aug 25, 2023 to the GitHub Advisory Database • Updated Aug 25, 2023
Package: com.esotericsoftware.yamlbeans:yamlbeans (Maven)
Affected versions: <= 1.15
Published to the GitHub Advisory Database: Aug 25, 2023
Last updated: Aug 25, 2023