Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:22 a.m.6 views

CVE-2023-24621

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...

7.8CVSS6.8AI score0.00444EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:56 a.m.6 views

CVE-2023-24620

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...

5.5CVSS6.7AI score0.00358EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2023/08/25 9:30 p.m.33 views

Esoteric YamlBeans XML Entity Expansion vulnerability

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...

5.5CVSS6.8AI score0.00358EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/25 9:30 p.m.31 views

Esoteric YamlBeans Unsafe Deserialization vulnerability

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...

7.8CVSS6.9AI score0.00444EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/08/25 9:30 p.m.4 views

GHSA-JM7R-4PG6-GF26 Esoteric YamlBeans Unsafe Deserialization vulnerability

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...

7.8CVSS5.9AI score0.00444EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/08/25 8:15 p.m.2 views

CVE-2023-24621

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...

7.8CVSS5.9AI score0.00444EPSS
Exploits1References4
Prion
Prion
added 2023/08/25 8:15 p.m.24 views

Design/Logic Flaw

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...

1.9CVSS5.4AI score0.00358EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/08/25 12:0 a.m.35 views

CVE-2023-24620

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...

5.6AI score0.00358EPSS
Exploits1References3
CVE
CVE
added 2023/08/25 12:0 a.m.96 views

CVE-2023-24621

CVE-2023-24621 concerns Esoteric YamlBeans up to version 1.15, where untrusted deserialization to Java classes is possible by default because the data and class are controlled by the author of the YAML document. The public descriptions consistently describe this as a deserialization vulnerability...

7.8CVSS7.5AI score0.00444EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/25 12:0 a.m.8 views

CVE-2023-24620

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...

6.7AI score0.00358EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/08/25 12:0 a.m.13 views

CVE-2023-24621

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...

6.8AI score0.00444EPSS
Exploits1References3
CVE
CVE
added 2023/08/25 12:0 a.m.71 views

CVE-2023-24620

Esoteric YamlBeans (1.15 and earlier) contains a YAMLReader XML Entity Expansion vulnerability. A crafted YAML document exploits the YAML Anchor feature, allowing small inputs to expand to large sizes and trigger high CPU/memory usage, including Java OOMs. Connected sources corroborate the issue ...

5.5CVSS5.3AI score0.00358EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/25 12:0 a.m.4 views

PT-2023-19713 · Unknown · Esoteric Yamlbeans

Name of the Vulnerable Software and Affected Versions: Esoteric YamlBeans versions through 1.15 Description: An issue was discovered in Esoteric YamlBeans that allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document...

7.8CVSS7.3AI score0.00444EPSS
Exploits1References14
OSV
OSV
added 2023/08/25 12:0 a.m.22 views

CVE-2023-24621

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...

7.8CVSS7.1AI score0.00444EPSS
Exploits1References5
Rows per page
Query Builder