Vulmon
yaml project yaml vulnerabilities and exploits
CVE-2017-16764 (CVSSv2: 7.5)
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigge...
Django Make App Project Django Make App 0.1.3
CVE-2023-28118 (CVSSv2: NA)
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containin...
Kaml Project Kaml
CVE-2021-39194 (CVSSv2: 4)
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This cou...
Kaml Project Kaml
CVE-2021-27213 (CVSSv2: 7.5)
config.py in pystemon prior to 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.
Pystemon Project Pystemon
CVE-2022-38752 (CVSSv2: NA)
Using snakeYAML to parse untrusted YAML files may be vulnerable to denial of service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
Snakeyaml Project Snakeyaml
CVE-2022-38750 (CVSSv2: NA)
Using snakeYAML to parse untrusted YAML files may be vulnerable to denial of service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
CVE-2022-38751 (CVSSv2: NA)
Using snakeYAML to parse untrusted YAML files may be vulnerable to denial of service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
CVE-2021-36793 (CVSSv2: 5)
The routes (aka Extbase Yaml Routes) extension prior to 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Routes Project Routes
CVE-2013-0175 (CVSSv2: 7.5)
multi_xml gem 0.5.2 for Ruby, as used in Grape prior to 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Erik Michaels-ober Multi Xml 0.5.2
Grape Project Grape 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5
CVE-2020-7738 (CVSSv2: 6.5)
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad().
Shiba Project Shiba