24 matches found
EUVD-2023-2362
Malicious code in bioql PyPI...
EUVD-2023-2320
Malicious code in bioql PyPI...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
Denial Of Service (DoS)
yamlbeans is vulnerable to Denial Of Service DoS. The vulnerability exists due to a lack of entity expansion limits when parsing a YAML document. An attacker can exploit this flaw by creating a document small in size, but when expanded via the anchor feature expands to a large size, causing...
Esoteric YamlBeans XML Entity Expansion vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
GHSA-VJ49-J7RC-H54F Esoteric YamlBeans XML Entity Expansion vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
Esoteric YamlBeans Unsafe Deserialization vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
GHSA-JM7R-4PG6-GF26 Esoteric YamlBeans Unsafe Deserialization vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
Design/Logic Flaw
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
YamlBeans 代码问题漏洞
YamlBeans is an open source library from Esoteric Software. Can be easily Java object graph with YAML. A security vulnerability exists in Esoteric Software YamlBeans 1.15 and earlier versions, which stems from the ability of a carefully crafted YAML document to perform an XML entity expansion...
Esoteric Software YamlBeans 代码问题漏洞
YamlBeans is an open source library from Esoteric Software. Can easily Java object graph with YAML. A security vulnerability exists in Esoteric Software YamlBeans 1.15 and earlier versions that stems from allowing untrusted deserialization of Java classes...
PT-2023-19713 · Unknown · Esoteric Yamlbeans
Name of the Vulnerable Software and Affected Versions: Esoteric YamlBeans versions through 1.15 Description: An issue was discovered in Esoteric YamlBeans that allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document...
CVE-2023-24621
CVE-2023-24621 concerns Esoteric YamlBeans up to version 1.15, where untrusted deserialization to Java classes is possible by default because the data and class are controlled by the author of the YAML document. The public descriptions consistently describe this as a deserialization vulnerability...