CVE-2017-18640 - High Severity Vulnerability
YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /build.gradle
Path to vulnerable library: /tmp/ws-ua/downloadResource_838cf389-c84b-4d10-aeb9-d1a45e705c41/20200307204515/snakeyaml-1.23.jar
Dependency Hierarchy:
Found in HEAD commit: 5661c5165fa5911175796f458bfc71c615c78ba2
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Publish Date: 2019-12-12
URL: CVE-2017-18640
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640
Release Date: 2019-12-12
Fix Resolution (org.yaml:snakeyaml): 1.26
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter): 2.3.0.RELEASE