Vulmon
yaml project yaml vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-6292
An issue exists in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Re...
Yaml-cpp Project Yaml-cpp 0.6.2
6.5
CVSSv3
CVE-2019-6285
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Yaml-cpp Project Yaml-cpp 0.6.2
5.5
CVSSv3
CVE-2017-5950
The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Yaml-cpp Project Yaml-cpp 0.5.3
7.5
CVSSv3
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Yaml Project Yaml 3.0.0
Netapp Astra Trident -
2 Github repositories
7.8
CVSSv3
CVE-2019-3575
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.
Sqla Yaml Fixtures Project Sqla Yaml Fixtures 0.9.1
9.8
CVSSv3
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy prior to 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because l...
Mlalchemy Project Mlalchemy 0.1.1
Mlalchemy Project Mlalchemy 0.1.2
Mlalchemy Project Mlalchemy 0.1.3
Mlalchemy Project Mlalchemy 0.2.0
Mlalchemy Project Mlalchemy 0.2.1
9.8
CVSSv3
CVE-2017-16618
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin prior to 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where saf...
Owlmixin Project Owlmixin
Owlmixin Project Owlmixin 2.0.0
9.8
CVSSv3
CVE-2017-16616
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI prior to 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been use...
Pyanyapi Project Pyanyapi
9.8
CVSSv3
CVE-2017-16763
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in...
Confire Project Confire 0.2.0
7.5
CVSSv3
CVE-2023-47163
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Remarshal Project Remarshal