Andrey Somov - Security Researcher - Exploit Intelligence Platform

CVE-2017-18640 NOMISEC HIGH WORKING POC

SnakeYAML < 1.26 - XML Entity Expansion via Alias Feature

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVSS 7.5

View Code

CVE-2017-18640 NOMISEC HIGH WORKING POC

SnakeYAML < 1.26 - XML Entity Expansion via Alias Feature

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVSS 7.5

View Code

CVE-2022-25857 WRITEUP HIGH WRITEUP

snakeyaml < 1.31 - Denial of Service via Nested Collection Depth

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVSS 7.5

View Code

CVE-2022-25857 WRITEUP HIGH WRITEUP

snakeyaml < 1.31 - Denial of Service via Nested Collection Depth

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVSS 7.5

View Code