logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2018-1051

Description

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. #### Mitigation If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expecting Yaml content to prevent exploitation of this vulnerability.


Related