Homepage

com.esotericsoftware.yamlbeans:yamlbeans@1.15 vulnerabilities

  • latest version

    1.17

  • latest non vulnerable version

    1.17

  • first published

    11 years ago

  • latest version published

    1 years ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the com.esotericsoftware.yamlbeans:yamlbeans package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS). When the YamlReader processes a specially crafted YAML document, an attacker can cause excessive CPU and memory consumption by convincing a user to open such a document, potentially leading to a Java Out-of-Memory exception by exploiting the Anchor feature in YAML.

    How to fix Denial of Service (DoS)?

    Upgrade com.esotericsoftware.yamlbeans:yamlbeans to version 1.17 or higher.

    [,1.17)
    • H
    Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data allows an attacker can manipulate the data and class of the YAML document being processed, leading to untrusted deserialisation to Java classes.

    Note: This is only exploitable if the data and class are controlled by the author of the YAML document being processed.

    How to fix Deserialization of Untrusted Data?

    Upgrade com.esotericsoftware.yamlbeans:yamlbeans to version 1.17 or higher.

    [,1.17)
    Go back to all versions of this package