4 matches found
USN-7465-1 mistral, python-mistral-lib vulnerabilities
It was discovered that Mistral incorrectly handled nested anchors in YAML files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-16848 Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH private key...
GHSA-VJ49-J7RC-H54F Esoteric YamlBeans XML Entity Expansion vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
YamlBeans 代码问题漏洞
YamlBeans is an open source library from Esoteric Software. Can be easily Java object graph with YAML. A security vulnerability exists in Esoteric Software YamlBeans 1.15 and earlier versions, which stems from the ability of a carefully crafted YAML document to perform an XML entity expansion...
PT-2023-21575 · Kaml · Kaml
Name of the Vulnerable Software and Affected Versions: kaml versions prior to 0.53.0 Description: The issue affects applications that use kaml to parse untrusted input containing anchors and aliases, potentially leading to excessive memory consumption and crashes. This is related to a class of...