ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.13), ca.vanzyl.concord:concord-k8s-server (>=0.0.1 <=0.0.10) +16 more potentially affected by CVE-2018-1051 via org.jboss.resteasy:resteasy-yaml-provider (>=3.1.0.Beta1 <=3.6.0.CR1)
org.jboss.resteasy:resteasy-yaml-provider
MAVEN
version =3.1.0.Beta1, =0.0.2, =0.0.1, =0.0.8, =1.18.0, =1.38.0, =1.44.0, =1.37.0, =1.44.0, =1.0.0, =1.18.0, =1.0.0, =1.0.0, =0.0.27, =0.0.11, =0.0.27, =0.0.31 and more
Source cves: CVE-2018-1051
Source advisory: OSV:GHSA-M2FV-3RQM-G7P5...
Remote Code Execution (RCE)
resteasy-yaml-provider is vulnerable to remote code execution (RCE) attacks. These attacks are possible because of an incomplete fix for CVE-2016-9606, which still uses Yaml.load in the YamlProvider. This issue only affects applications which have the YamlProvider explicitly enabled by adding or...