PT-2019-5799 · Snakeyaml+8 · Snakeyaml+8

Publicado

2019-11-12

Atualizado

2025-03-27

CVE-2017-18640

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions SnakeYAML versions prior to 1.26

Description The issue is related to errors in processing XML entities, which can lead to a denial of service when exploited by a remote attacker. The problem is associated with the Alias feature during a load operation, allowing entity expansion.

Recommendations For versions prior to 1.26, update to version 1.26 or later to resolve the issue. As a temporary workaround, consider disabling the Alias feature until a patch is available.

Exploit

Correção

XML Entity Expansion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-776

Identificadores relacionados

ALSA-2020:4807

ALT-PU-2021-1895

BDU:2021-02625

CESA-2020_4807

CVE-2017-18640

GHSA-RVWF-54QP-4R6V

OPENSUSE-SU-2021:0855-1

OPENSUSE-SU-2021:1876-1

OPENSUSE-SU-2021_1876-1

OPENSUSE-SU-2024:11391-1

RHSA-2020:4807

RHSA-2020_4807

RLSA-2020:4807

SUSE-SU-2021:1876-1

SUSE-SU-2021:1978-1

SUSE-SU-2021:1979-1

SUSE-SU-2021_1876-1

USN-7368-1

Produtos afetados

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Snakeyaml

Suse

Ubuntu

PT-2019-5799 · Snakeyaml+8 · Snakeyaml+8

CVE-2017-18640

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 156