Veracode Vulnerability Database: VERACODE:22499
History: Feb 13, 2020 - 5:33 a.m.

Denial Of Service (DoS)

2020-02-13 05:33:31
sca.analysiscenter.veracode.com

EPSS: 0.019
Percentile: 88.5%

snakeyaml is vulnerable to denial of service. An attacker can crash the application through an entity expansion attack, also known as a billion laughs attack, by supplying a malicious YAML file for the library to parse.
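One way to bound alias expansion when parsing untrusted YAML, shown as an added example that is not part of the advisory or of SnakeYAML's own code. It assumes a SnakeYAML release in which `LoaderOptions.setMaxAliasesForCollections` exists and `SafeConstructor` accepts a `LoaderOptions`; the class name, helper names, limits and sample document are constructed for illustration.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class BoundedYamlLoader {

    // Constructed sample: 9 aliases to collections across three small levels.
    // It is harmless at this size but has the shape the alias limit checks for.
    static final String SAMPLE = String.join("\n",
            "a: &a [x, x]",
            "b: &b [*a, *a, *a]",
            "c: &c [*b, *b, *b]",
            "d: [*c, *c, *c]");

    // Hypothetical helper: a Yaml instance with an explicit alias budget.
    static Yaml boundedYaml(int maxAliases) {
        LoaderOptions options = new LoaderOptions();
        // Cap how many times aliases may refer to collections in one document.
        options.setMaxAliasesForCollections(maxAliases);
        // SafeConstructor limits the result to plain maps, lists and scalars.
        return new Yaml(new SafeConstructor(options));
    }

    // Returns the parsed document, or null if the parser rejected the input
    // (alias budget exceeded, or any other YAML error).
    static Object loadUntrusted(String text, int maxAliases) {
        try {
            return boundedYaml(maxAliases).load(text);
        } catch (YAMLException e) {
            System.err.println("rejected YAML input: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Same document, two budgets: one below and one above its 9 aliases.
        for (int limit : new int[] {5, 20}) {
            Object doc = loadUntrusted(SAMPLE, limit);
            System.out.println("alias limit " + limit + ": "
                    + (doc != null ? "loaded" : "rejected"));
        }
    }
}
```

Logging the rejection message rather than discarding it gives operations a signal that a submitted document hit the alias budget.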
