Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
EsotericsoftwareYamlbeans

2 matches found

CVE
CVEadded 2023/08/25 12:0 a.m.95 views

CVE-2023-24621

CVE-2023-24621 concerns Esoteric YamlBeans up to version 1.15, where untrusted deserialization to Java classes is possible by default because the data and class are controlled by the author of the YAML document. The public descriptions consistently describe this as a deserialization vulnerability...

7.8CVSS7.5AI score0.00444EPSS
CVE
CVEadded 2023/08/25 12:0 a.m.68 views

CVE-2023-24620

Esoteric YamlBeans (1.15 and earlier) contains a YAMLReader XML Entity Expansion vulnerability. A crafted YAML document exploits the YAML Anchor feature, allowing small inputs to expand to large sizes and trigger high CPU/memory usage, including Java OOMs. Connected sources corroborate the issue ...

5.5CVSS5.3AI score0.00358EPSS