Vulmon
yaml project yaml vulnerabilities and exploits
CVE-2023-38337 (CVSSv3 7.5)
rswag prior to 2.10.1 allows remote malicious users to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.
Affected: Rswag Project Rswag

CVE-2021-21249 (CVSSv3 8.8)
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`)...
Affected: Onedev Project Onedev

CVE-2022-38749 (CVSSv3 6.5)
Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
Affected: Snakeyaml Project Snakeyaml; Debian Debian Linux 10.0

CVE-2013-0285 (score NA)
The nori gem 2.0.x prior to 2.0.2, 1.1.x prior to 1.1.4, and 1.0.x prior to 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Affected: Nori Gem Project Nori Gem 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 2.0.0, 2.0.1

CVE-2022-32224 (CVSSv3 9.8)
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to esca...
Affected: Activerecord Project Activerecord
2 GitHub repositories listed

CVE-2017-2809 (CVSSv3 7.8)
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault prior to 1.0.5. A specially crafted vault can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into the vault to trigger this vulnerability.
Affected: Ansible-vault Project Ansible-vault

CVE-2019-10135 (CVSSv3 7.2)
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 prior to 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
Affected: Osbs-client Project Osbs-client

CVE-2022-41854 (CVSSv3 6.5)
Those using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
Affected: Snakeyaml Project Snakeyaml; Fedoraproject Fedora 36; Fedoraproject Fedora 37
2 GitHub repositories listed

CVE-2022-29215 (CVSSv3 7.5)
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions before 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for th...
Affected: Regionprotect Project Regionprotect

CVE-2018-1000210 (CVSSv3 7.8)
YamlDotNet version 4.3.2 and previous versions contains an Insecure Direct Object Reference vulnerability in the default behavior of Deserializer.Deserialize(), which will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnEr...
Affected: Yamldotnet Project Yamldotnet