Vulmon
yaml project yaml vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. The YAML parser can execute arbitrary Python, resulting in command execution. An attacker can insert Python into loaded YAML to trigge...
Django Make App Project Django Make App 0.1.3
7.5
CVSSv3
CVE-2023-28118
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containin...
Kaml Project Kaml
6.5
CVSSv3
CVE-2021-39194
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions, attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to loop endlessly while parsing the input. This cou...
Kaml Project Kaml
9.8
CVSSv3
CVE-2021-27213
config.py in pystemon prior to 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.
Pystemon Project Pystemon
6.5
CVSSv3
CVE-2022-38752
Parsing untrusted YAML files with SnakeYAML may expose the application to denial-of-service (DoS) attacks. If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.
Snakeyaml Project Snakeyaml
5.5
CVSSv3
CVE-2022-38750
Parsing untrusted YAML files with SnakeYAML may expose the application to denial-of-service (DoS) attacks. If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2022-38751
Parsing untrusted YAML files with SnakeYAML may expose the application to denial-of-service (DoS) attacks. If the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
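The two kaml entries (alias expansion that exhausts memory, and an endless loop on crafted input) and the three SnakeYAML entries (a stack overflow from deeply nested input) are the two classic resource-exhaustion shapes for a YAML parser: the document is small, but what it asks the parser to build is not. The following is an added example, not code from kaml, SnakeYAML or any other project on this page. It uses Ruby's standard Psych library to pre-scan untrusted YAML through libyaml's streaming event interface before any Ruby object is built: every alias is charged the full expanded weight of the anchored subtree (so a "billion laughs" document is rejected while still a few hundred bytes), nesting depth is capped, and raw size is capped. `BudgetHandler`, `scan_yaml`, `UntrustedYamlError`, the `laughs` generator and the default limits are this example's own choices, not Psych API.

```ruby
require 'yaml'   # Psych, the YAML library in Ruby's standard distribution

# Raised when the pre-scan decides a document must not be loaded at all.
class UntrustedYamlError < StandardError; end

# Streaming Psych::Handler that measures a document without building any
# Ruby objects. libyaml emits one event per node and one per alias
# reference, so this pass costs O(bytes) even when the aliases would
# expand to millions of nodes.
class BudgetHandler < Psych::Handler
  attr_reader :max_depth, :expanded_nodes, :alias_count

  def initialize(depth_limit:, node_limit:)
    super()
    @depth_limit = depth_limit
    @node_limit  = node_limit
    @frames  = [[nil, 0]]   # stack of [anchor, nodes below this collection]; [0] is the document root
    @anchors = {}           # anchor name => expanded node count of the anchored subtree
    @max_depth = 0
    @expanded_nodes = 0
    @alias_count = 0
  end

  def start_sequence(anchor, _tag, _implicit, _style); open_collection(anchor); end
  def start_mapping(anchor, _tag, _implicit, _style);  open_collection(anchor); end
  def end_sequence; close_collection; end
  def end_mapping;  close_collection; end

  def scalar(_value, anchor, _tag, _plain, _quoted, _style)
    @anchors[anchor] = 1 if anchor
    charge(1)
  end

  # An alias re-inserts the whole anchored subtree, so bill its full weight
  # now instead of discovering it when the tree is materialised.
  def alias(anchor)
    @alias_count += 1
    weight = @anchors.fetch(anchor) { raise UntrustedYamlError, "alias *#{anchor} precedes its anchor" }
    charge(weight)
  end

  private

  def open_collection(anchor)
    charge(1)                      # the collection node itself, billed to the parent
    @frames.push([anchor, 0])
    depth = @frames.size - 1
    @max_depth = depth if depth > @max_depth
    raise UntrustedYamlError, "nesting depth #{depth} exceeds #{@depth_limit}" if depth > @depth_limit
  end

  def close_collection
    anchor, children = @frames.pop
    @anchors[anchor] = children + 1 if anchor
    @frames.last[1] += children    # fold the subtree into the parent's count for nested anchors
  end

  def charge(nodes)
    @frames.last[1] += nodes
    @expanded_nodes += nodes
    return if @expanded_nodes <= @node_limit
    raise UntrustedYamlError, "document would expand to more than #{@node_limit} nodes"
  end
end

# Measure a document against byte, depth and expansion budgets. Returns the
# measurements; raises UntrustedYamlError as soon as a budget is exceeded,
# so a hostile document is rejected part-way through the scan.
def scan_yaml(yaml, depth_limit: 32, node_limit: 100_000, max_bytes: 64 * 1024)
  if yaml.bytesize > max_bytes
    raise UntrustedYamlError, "document is #{yaml.bytesize} bytes, limit #{max_bytes}"
  end
  handler = BudgetHandler.new(depth_limit: depth_limit, node_limit: node_limit)
  Psych::Parser.new(handler).parse(yaml)
  { max_depth: handler.max_depth, expanded_nodes: handler.expanded_nodes, alias_count: handler.alias_count }
end

# Constructed test input: a "billion laughs" document with `levels` anchored
# sequences, each holding `fanout` aliases to the previous one.
def laughs(levels, fanout)
  lines = ["a0: &a0 [#{(['lol'] * fanout).join(', ')}]"]
  (1...levels).each { |i| lines << "a#{i}: &a#{i} [#{(["*a#{i - 1}"] * fanout).join(', ')}]" }
  lines.join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  p scan_yaml(laughs(3, 9))          # a ~150-byte document that expands to 925 nodes
  begin
    scan_yaml(laughs(6, 9))          # would expand to roughly 670,000 nodes
  rescue UntrustedYamlError => e
    puts "rejected: #{e.message}"
  end
end
```

The scan only measures; the document still has to be loaded afterwards with a safe loader. Refusing aliases outright, as kaml 0.53.0 does by default, is the simpler rule when the format does not need them; the weight accounting above is for cases where anchors are legitimately part of the format and an outright ban is not an option.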
7.5
CVSSv3
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension prior to 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Routes Project Routes
NA
CVE-2013-0175
multi_xml gem 0.5.2 for Ruby, as used in Grape prior to 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Erik Michaels-ober Multi Xml 0.5.2
Grape Project Grape 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5
8.3
CVSSv3
CVE-2020-7738
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad().
Shiba Project Shiba
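Four entries on this page (django_make_app, pystemon, multi_xml/Grape, shiba) are the same bug in three ecosystems: the application hands untrusted text to the permissive loader (PyYAML's `yaml.load` without `SafeLoader`, js-yaml's `load()` instead of `safeLoad()`, `YAML.load` in Ruby's Psych 3 and earlier), and the document's tags decide which classes get instantiated. The following is an added example, not code from any of those projects, showing the difference in Ruby's standard Psych library. The `AuditRecord` class, the `!ruby/object` document and the helper names are constructed for this illustration. Psych 4 (Ruby 3.1+) made `YAML.load` safe and moved the old behaviour to `YAML.unsafe_load`; the helper picks whichever permissive entry point the running version has.

```ruby
require 'yaml'   # Psych, the YAML library in Ruby's standard distribution

# Stand-in for any application class an attacker would like the loader to
# build for them; in a real target this might be a class whose #initialize,
# #init_with or #method_missing does something with its instance variables.
class AuditRecord
  attr_accessor :actor, :action
end

# Constructed attacker input (not from any real incident): a tagged mapping
# that asks the loader to instantiate AuditRecord and set its ivars.
TAGGED_DOC = <<~YAML
  --- !ruby/object:AuditRecord
  actor: mallory
  action: delete_everything
YAML

# The same data without a tag: what a config file or API payload should look like.
PLAIN_DOC = <<~YAML
  actor: mallory
  action: delete_everything
YAML

# The legacy behaviour behind the CVEs above: construct whatever the tags name.
def permissive_load(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# The fix: safe_load builds only core YAML types (String, Integer, Float,
# true/false, nil, Array, Hash) and raises Psych::DisallowedClass for any
# other tag; aliases are refused too unless explicitly enabled.
def safe_attempt(doc)
  { ok: true, value: YAML.safe_load(doc) }
rescue Psych::DisallowedClass, Psych::BadAlias => e
  { ok: false, reason: e.class.name }
end

# When the application genuinely needs a tagged type, allow-list that one
# class instead of falling back to the permissive loader.
def allow_listed_load(doc, classes)
  YAML.safe_load(doc, permitted_classes: classes)
end

if __FILE__ == $PROGRAM_NAME
  rec = permissive_load(TAGGED_DOC)
  puts "permissive loader built a #{rec.class} with actor=#{rec.actor}"
  p safe_attempt(TAGGED_DOC)    # {:ok=>false, :reason=>"Psych::DisallowedClass"}
  p safe_attempt(PLAIN_DOC)     # {:ok=>true, :value=>{"actor"=>"mallory", "action"=>"delete_everything"}}
end
```

The multi_xml entry is the same pattern one layer down: XML element values typed `yaml` were cast by handing the string to the permissive YAML loader, so the XML parser inherited every class the YAML loader could instantiate. Any "cast this string through YAML" convenience should go through the safe loader for the same reason.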