CVE-2017-18640
Published: 2019-12-12
Severity: high (7.5, CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | snakeyaml | < snakeyaml 1.25+ds-3 (bookworm) | snakeyaml 1.25+ds-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_snakeyaml_1.25-2_on_cbl_mariner_2.0 | — | — |
| oracle | peoplesoft_enterprise_pt_peopletools | — | — |
| oracle | peoplesoft_enterprise_pt_peopletools | — | — |
| oracle | peoplesoft_enterprise_pt_peopletools | — | — |
| quarkus | quarkus | <= 1.3.4 | — |
| snakeyaml_project | snakeyaml | < 1.26 | 1.26 |
| snakeyaml_project | snakeyaml | >= 0 < 1.25+ds-3 | 1.25+ds-3 |
| snakeyaml_project | snakeyaml | >= 0 < 1.25+ds-3 | 1.25+ds-3 |
| snakeyaml_project | snakeyaml | >= 0 < 1.25+ds-3 | 1.25+ds-3 |
| snakeyaml_project | snakeyaml | >= 0 < 1.25+ds-3 | 1.25+ds-3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 6.5 | MEDIUM | — |
| osv | — | 6.5 | MEDIUM | — |