An issue exists in Esoteric YamlBeans up to and including 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esotericsoftware yamlbeans |