3 matches found
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2023-24620
Esoteric YamlBeans (1.15 and earlier) contains a YAMLReader XML Entity Expansion vulnerability. A crafted YAML document exploits the YAML Anchor feature, allowing small inputs to expand to large sizes and trigger high CPU/memory usage, including Java OOMs. Connected sources corroborate the issue ...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...