The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
History
21 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
28 Feb 2023, 15:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes - Release Notes, Third Party Advisory | |
References | (MISC) https://bitbucket.org/snakeyaml/snakeyaml/issues/377 - Exploit, Issue Tracking, Third Party Advisory | |
26 Jul 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | |
References | | |
18 Apr 2022, 15:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263@%3Ccommon-commits.hadoop.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b@%3Ccommon-issues.hadoop.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5@%3Ccommon-commits.hadoop.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
08 Oct 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
06 Oct 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
17 Jun 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-12-12 03:15
Updated : 2024-02-04 20:39
NVD link : CVE-2017-18640
Mitre link : CVE-2017-18640
CVE.ORG link : CVE-2017-18640
Products Affected
fedoraproject
- fedora
oracle
- peoplesoft_enterprise_pt_peopletools
snakeyaml_project
- snakeyaml
quarkus
- quarkus
CWE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')