We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /tmp/ws-scm/activity-based-security-framework/easy-abac-demo/pom.xml
Path to vulnerable library: /root/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
Dependency Hierarchy:
Found in HEAD commit: 8bbff5879cc09245170f0d2d2a5d8de68c9a0b7d
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Publish Date: 2019-12-12
URL: CVE-2017-18640
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
Release Date: 2020-03-08
Fix Resolution: 1.26
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered:
No branches or pull requests
CVE-2017-18640 - High Severity Vulnerability
Vulnerable Library - snakeyaml-1.23.jar
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /tmp/ws-scm/activity-based-security-framework/easy-abac-demo/pom.xml
Path to vulnerable library: /root/.m2/repository/org/yaml/snakeyaml/1.23/snakeyaml-1.23.jar
Dependency Hierarchy:
Found in HEAD commit: 8bbff5879cc09245170f0d2d2a5d8de68c9a0b7d
Vulnerability Details
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Publish Date: 2019-12-12
URL: CVE-2017-18640
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c
Release Date: 2020-03-08
Fix Resolution: 1.26
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: