Esotericsoftware

esotericsoftware

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Yamlbeans

yamlbeans

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-24621 1Esotericsoftware 1Yamlbeans Nov 21, 2024 Aug 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.
CVE-2023-24620 1Esotericsoftware 1Yamlbeans Nov 21, 2024 Aug 25, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to...Show more An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-24621

1Esotericsoftware

1Yamlbeans

Nov 21, 2024

Aug 25, 2023

N/A· v4

7.8 HIGH· v3

N/A· v2

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.

CVE-2023-24620