Vulmon search results: yaml project yaml vulnerabilities and exploits
CVE-2023-38337 (score: NA)
rswag prior to 2.10.1 allows remote malicious users to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Affected: Rswag Project Rswag
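The rswag entry above is the classic shape of a spec-serving endpoint that builds a filesystem path from a client-supplied name without checking that the result stays under the spec directory. The following is an added example, written for this page and not rswag's own code, of the containment check such an endpoint needs. SPEC_ROOT, SPEC_EXTENSIONS, resolve_spec_path and the sample request paths are constructed assumptions; the check works purely on strings, so it runs without any of the files existing.

```ruby
# Directory from which spec files may be served. Constructed path for this
# example; nothing is read from disk, the check operates on strings only.
SPEC_ROOT = "/srv/app/swagger".freeze

# Extensions a spec endpoint has any business serving.
SPEC_EXTENSIONS = %w[.yaml .yml .json].freeze

# Resolve a client-supplied relative path against +root+ and return the
# absolute path only when it stays inside +root+; return nil otherwise.
# Call this on the URL-decoded path, after the web framework has unescaped
# sequences such as %2e%2e, so the check sees what the filesystem would.
def resolve_spec_path(requested, root = SPEC_ROOT)
  return nil if requested.nil? || requested.empty?
  # A NUL byte makes File.expand_path raise; treat it as hostile input.
  return nil if requested.include?("\0")
  # File.expand_path turns a leading "~" into a home directory, which is
  # never inside the spec root; reject it before expansion.
  return nil if requested.start_with?("~")

  root = File.expand_path(root)
  candidate = File.expand_path(requested, root)

  # Containment: the resolved path must be the root or lie under it. The
  # trailing separator stops "/srv/app/swagger2/x" from passing for the
  # root "/srv/app/swagger".
  inside = candidate == root || candidate.start_with?(root + File::SEPARATOR)
  return nil unless inside
  return nil unless SPEC_EXTENSIONS.include?(File.extname(candidate))

  candidate
end

if $PROGRAM_NAME == __FILE__
  ["v1/swagger.yaml", "../../../etc/passwd", "/etc/passwd",
   "v1/../../config/secrets.yml", "v1/../swagger.json"].each do |req|
    puts "#{req.inspect} -> #{resolve_spec_path(req).inspect}"
  end
end
```

Absolute paths, `..` segments and `~` are all normalised away by `File.expand_path` before the prefix comparison, so the comparison is made on the path the kernel would actually open. If the spec directory may contain symlinks, resolve the root with `File.realpath` (which requires the directory to exist) before calling this, so a link pointing outside the tree cannot be used to escape it.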
CVE-2021-21249 (CVSSv2 6.5)
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`)...
Affected: Onedev Project Onedev
CVE-2022-38749 (score: NA)
Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.
Affected: Snakeyaml Project Snakeyaml; Debian Debian Linux 10.0
CVE-2022-32224 (score: NA)
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1, which could allow an attacker that can manipulate data in the database (via means like SQL injection) the ability to esca...
Affected: Activerecord Project Activerecord
Linked: 2 GitHub repositories
CVE-2013-0285 (CVSSv2 7.5)
The nori gem 2.0.x prior to 2.0.2, 1.1.x prior to 1.1.4, and 1.0.x prior to 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Affected: Nori Gem Project Nori Gem 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 2.0.0, 2.0.1
CVE-2017-2809 (CVSSv2 6.8)
An exploitable vulnerability exists in the YAML loading functionality of ansible-vault prior to 1.0.5 (the third-party ansible-vault Python package, not the vault built into Ansible itself). A specially crafted vault can execute arbitrary Python commands, resulting in command execution. An attacker can insert Python into the vault to trigger this vulnerability.
Affected: Ansible-vault Project Ansible-vault
CVE-2019-10135 (CVSSv2 6.5)
A flaw was found in the use of the yaml.load() function in osbs-client versions since 0.46 and prior to 0.56.1. Insecure use of yaml.load() allowed arbitrary Python objects to be instantiated while parsing malicious YAML files, leading to code execution.
Affected: Osbs-client Project Osbs-client
CVE-2022-41854 (score: NA)
Those using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
Affected: Snakeyaml Project Snakeyaml; Fedoraproject Fedora 36; Fedoraproject Fedora 37
Linked: 2 GitHub repositories
CVE-2022-29215 (CVSSv2 5.0)
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions before 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for th...
Affected: Regionprotect Project Regionprotect
CVE-2018-1000210 (CVSSv2 6.8)
YamlDotNet version 4.3.2 and previous versions contain an Insecure Direct Object Reference vulnerability in the default behavior of Deserializer.Deserialize(), which will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnEr...
Affected: Yamldotnet Project Yamldotnet
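Most of the entries on this page (OneDev's SnakeYaml constructor, the Active Record serialized column, nori, ansible-vault, osbs-client and YamlDotNet's Type.GetType on the tag) are one pattern in different languages: the loader honours a type tag in attacker-supplied YAML and instantiates whatever class it names. The block below is an added example, written for this page in Ruby against the standard-library Psych loader and not code from any of the listed projects, showing the unsafe and safe loaders side by side on a constructed payload. DeployTask, PAYLOAD, unsafe_deserialize, safe_deserialize and classify are assumptions made for the example.

```ruby
require "yaml"

# A class the application defines for its own purposes. Constructed for this
# example; it exists only so the attacker-chosen instantiation is visible.
class DeployTask
  attr_reader :command

  def initialize(command = "noop")
    @command = command
  end
end

# Constructed attacker-controlled document. The !ruby/object tag names the
# class to instantiate and the mapping below it sets instance variables.
# initialize is never called: the object is allocated and its ivars written
# directly, which is what makes gadget chains through unrelated classes work.
# Nothing here is executed; the string is just stored in @command.
PAYLOAD = <<~YAML
  --- !ruby/object:DeployTask
  command: "id > /tmp/pwned"
YAML

# Unsafe path. Psych 3 (Ruby <= 3.0) did this in YAML.load; Psych 4
# (Ruby >= 3.1) moved it to YAML.unsafe_load and made YAML.load safe.
def unsafe_deserialize(text)
  if Psych.respond_to?(:unsafe_load)
    Psych.unsafe_load(text)
  else
    Psych.load(text)
  end
end

# Safe path: only basic types (strings, numbers, arrays, hashes, ...) unless a
# class is explicitly listed in permitted_classes.
def safe_deserialize(text, permitted_classes: [])
  Psych.safe_load(text, permitted_classes: permitted_classes)
end

# Classify what a loader produced for +text+: :object if the attacker's class
# was instantiated, :plain for ordinary data, :rejected if the loader refused.
def classify(loader, text)
  value = loader.call(text)
  value.is_a?(DeployTask) ? :object : :plain
rescue Psych::DisallowedClass
  :rejected
end

if $PROGRAM_NAME == __FILE__
  puts "unsafe: #{classify(method(:unsafe_deserialize), PAYLOAD)}"
  puts "safe:   #{classify(method(:safe_deserialize), PAYLOAD)}"
end
```

The fixes for the entries above all follow the safe path: refuse arbitrary tags by default and take an explicit allow-list for the few classes a column or config legitimately stores. Psych's `permitted_classes:` is that allow-list; the Active Record fix for CVE-2022-32224 added the equivalent `ActiveRecord.yaml_column_permitted_classes` setting together with an explicit `ActiveRecord.use_yaml_unsafe_load` opt-out, so that applications with existing serialized objects can migrate deliberately rather than silently keep the unsafe loader.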