242 matches found
USN-7368-1: SnakeYAML vulnerability
It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...
CVE-2024-43405
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS sco...
GHSA-7H5P-MMPP-HGMM Nuclei Template Signature Verification Bypass
Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...
Nuclei Template Signature Verification Bypass
Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...
CVE-2024-43405
Insight: CVE-2024-43405 affects ProjectDiscovery Nuclei. The issue is in the template signature verification (signer package), where a newline handling discrepancy between the signature verification and YAML parsing allows an attacker to craft templates that bypass digest verification and potenti...
USN-6838-1 ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities
It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdocoptions file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2024-27281 It was discovered that the Ruby regex...
Infinite Loop
LibYAML is vulnerable to an Infinite loop. The vulnerability is due to improper handling of buffer states during YAML parsing. An attackers can exploit this by crafting a specific input to the YAML parser which potentially leads to a Denial-of-Service DoS condition...
[SECURITY] Fedora 40 Update: snakeyaml-1.33-3.fc40
SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
dev-java/snakeyaml: DoS via stack overflow
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
Code Injection
boofcv-io is vulnerable to Code Injection. The vulnerability exists because the createYmlObject function of CalibrationIO.java does not properly set the code point limit for the yaml parser, which allows an attacker to inject and execute malicious code by loading a maliciously crafted camera...
dev-java/snakeyaml: DoS via stack overflow
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
dev-java/snakeyaml: DoS via stack overflow
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...
CVE-2023-28118
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
USN-5944-1: SnakeYAML vulnerabilities
It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resultin...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...