Security
Headlines

Headlines Latest CVEs

Headline

GHSA-vj49-j7rc-h54f: Esoteric YamlBeans XML Entity Expansion vulnerability

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

1 year ago

#vulnerability #git #java #maven

GitHub Advisory Database
GitHub Reviewed
CVE-2023-24620

Esoteric YamlBeans XML Entity Expansion vulnerability

Moderate severity GitHub Reviewed Published Aug 25, 2023 to the GitHub Advisory Database • Updated Aug 25, 2023

Package

maven com.esotericsoftware.yamlbeans:yamlbeans (Maven)

Affected versions

<= 1.15

Published to the GitHub Advisory Database

Aug 25, 2023

Last updated

Aug 25, 2023

ghsa: Latest News

GHSA-pj33-75x5-32j4: RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

6 hours ago

GHSA-jjxq-ff2g-95vh: Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

6 hours ago

GHSA-6377-hfv9-hqf6: Twig has unguarded calls to `__toString()` when nesting an object into an array

6 hours ago

GHSA-hv6m-qj65-26q3: UnoPim Cross-site Scripting vulnerability

8 hours ago

GHSA-rhm9-gp5p-5248: Gradio vulnerable to arbitrary file read with File and UploadButton components

10 hours ago