Vulnerability — CVE-2017-18640

CVE-2017-18640

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2017-18640
Description:: The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Last updated date:: 05/21/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/17/2021
Reference url to background: https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/28/2023
Reference url to background: https://bitbucket.org/snakeyaml/snakeyaml/issues/377