243 matches found
GHSA-HJGM-F7VX-M5G7 Deserialization of Untrusted Data in Apache Heron
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities CWE-502: Deserialization of Untrusted Data...
Deserialization of Untrusted Data in Apache Heron
It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities CWE-502: Deserialization of Untrusted Data...
ROS-2-2225
2.2225 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-2-2163
2.2163 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
Design/Logic Flaw
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
USN-4940-1: PyYAML vulnerability
It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code...
PyYAML Input Validation Error Vulnerability
PyYAML is a Python based YAML parser and generator. An input validation error vulnerability exists in PyYAML that arises from a network system or product that does not properly validate input data...
Fedora: Security Advisory for PyYAML (FEDORA-2021-eed7193502)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Fedora: Security Advisory for PyYAML (FEDORA-2021-3342569a0f)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-5423
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
CVE-2020-5423
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
Design/Logic Flaw
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
CVE-2020-5423 Cloud Controller is vulnerable to denial of service via YAML parsing
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
PT-2020-19749 · Js Yaml +3 · Js-Yaml +3
Name of the Vulnerable Software and Affected Versions: grunt versions prior to 1.3.0 Description: The issue is related to Arbitrary Code Execution due to the default usage of the load function instead of its secure replacement safeLoad of the js-yaml package inside grunt.file.readYAML...
yaml-cpp: Denial of service
Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...
CVE-2020-2211
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
Remote code execution
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2211
CVE-2020-2211 affects Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin (versions ≤ 1.3). The root cause is that the YAML parser is not configured to prevent instantiation of arbitrary types, enabling remote code execution. The CVE entry notes a questionable attack surface but does not provide e...