CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile: 19.0%
yamlbeans is vulnerable to denial of service (DoS). The vulnerability exists because no entity expansion limits are enforced when parsing a YAML document. An attacker can craft a document that is small in size but expands to a large size through the anchor feature, causing excessive CPU and memory consumption. Supplying such a maliciously crafted YAML document allows the attacker to crash the application.
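One way an application can enforce an expansion limit itself is to estimate alias growth on the raw text before it reaches the parser. The following is an added example, not code from yamlbeans or from this advisory; the class name `AliasExpansionGuard`, the method `exceedsBudget`, the budget value and both sample documents are assumptions made for illustration, and the estimate is a text-level heuristic rather than a full YAML parse.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical pre-parse guard (added example, not part of yamlbeans). */
public class AliasExpansionGuard {
    // &name declares an anchor, *name references one; matched only at a token start.
    private static final Pattern TOKEN =
        Pattern.compile("(^|[\\s\\[{,])([&*])([A-Za-z0-9_-]+)", Pattern.MULTILINE);

    /**
     * Heuristic: each alias is charged to the most recently declared anchor.
     * Text in quotes or comments that looks like an alias is counted too,
     * so the estimate errs toward rejecting. Keep budget far below Long.MAX_VALUE.
     */
    static boolean exceedsBudget(String yaml, long budget) {
        Map<String, Long> weight = new HashMap<>(); // anchor -> estimated expanded nodes
        String current = null;                      // anchor whose node is being defined
        long total = 0;                             // nodes materialised through aliases
        Matcher m = TOKEN.matcher(yaml);
        while (m.find()) {
            String name = m.group(3);
            if (m.group(2).equals("&")) {
                current = name;
                weight.put(name, 1L);
                continue;
            }
            long w = weight.getOrDefault(name, 1L); // unknown anchors count as one node
            total += w;
            if (total > budget) {
                return true; // stop early, before the weights can keep multiplying
            }
            if (current != null && !current.equals(name)) {
                weight.merge(current, w, Long::sum); // nested aliases compound here
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: three small levels of nested aliases.
        String nested = "a: &a [x, x]\nb: &b [*a, *a, *a]\nc: &c [*b, *b, *b]\nd: [*c, *c, *c]\n";
        // Constructed sample: ordinary reuse of a single anchor.
        String benign = "base: &base {host: localhost}\ndev: *base\n";
        System.out.println("nested rejected: " + exceedsBudget(nested, 50));
        System.out.println("benign rejected: " + exceedsBudget(benign, 50));
    }
}
```

Pair the check with a cap on input size, since the heuristic only bounds growth through aliases and not the literal length of the document.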