19 matches found
Astra Linux - vulnerability in snakeyaml
Those who use Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially allow for a Denial of...
Uncontrolled Recursion
Overview: org.apache.commons:commons-configuration2 is a group of tools to assist in the reading of configuration/preferences files in various formats. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing untrusted YAML configuration files containing cyclic...
GHSA-337M-MW94-2V6G Apache Commons Configuration: StackOverflowError for YAML input with cycles
Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...
Apache Commons Security Vulnerability
Apache Commons is an Apache project focused on reusable Java components, developed by the Apache Foundation in the United States. There were security vulnerabilities in versions of Apache Commons from 2.2 to 2.15.0. These vulnerabilities stemmed from uncontrolled recursion when processing YAML...
CVE-2026-40315
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
Go-Yaml Security Vulnerability
Go-Yaml is a YAML support library for the Go language. It enables Go programs to easily encode and decode YAML values. A security vulnerability exists in Go-Yaml that stems from unrestricted alias tracking, where a maliciously crafted YAML file may cause the system to consume large amounts of system...
charleskorn kaml Security Vulnerability
charleskorn kaml is an open source implementation of the YAML format that supports kotlinx.serialization. A security vulnerability exists in versions of kaml prior to 0.35.3 that allows an attacker to provide arbitrary YAML input to an application using kaml. An attacker could cause the applicatio...
UBUNTU-CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
CloudBees Jenkins Pipeline Code Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and the execution of some timed tasks. Pipeline: AWS Steps Plugin is used in one ...
CloudBees Jenkins OpenShift Pipeline Plugin Remote Code Execution Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. OpenShift Pipeline Plugin is a plug-in used in it with the ability to deploy...
yaml-cpp denial of service vulnerability (CNVD-2019-03333)
yaml-cpp (aka LibYaml-C++) is a C++ parser for YAML. A denial of service vulnerability exists in the 'SingleDocParser::HandleFlowMap' function in yaml-cpp version 0.6.2. A remote attacker can exploit this vulnerability to cause a denial of service (stack consumption and application crash) with...
DEBIAN-CVE-2018-20573
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file...
Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2015-482)
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Medium: perl-YAML-LibYAML
Issue Overview: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. Affected Packages: perl-YAML-LibYAML Issue Correction: Run yum update...
Scientific Linux Security Update : libyaml on SL6.x, SL7.x i386/x86_64 (20150128)
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130) All running applications linked against the libyaml library must be...
DLA-110-1 libyaml - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3102-1)
The remote host is missing an update for the Debian...
MGASA-2014-0508 Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130
Updated yaml and perl-YAML-LibYAML packages fix security vulnerability: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash (CVE-2014-9130)...