Yamlbeans Esotericsoftware Yamlbeans


By the Year

In 2026 there have been 0 vulnerabilities in Esotericsoftware Yamlbeans. Yamlbeans did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2026    0                  0.00
2025    0                  0.00
2024    0                  0.00
2023    2                  6.65

It may take a day or so for new Yamlbeans vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Esotericsoftware Yamlbeans Security Vulnerabilities

Esoteric YamlBeans Java deserialization via YAML v1.15
CVE-2023-24621 7.8 - High - August 25, 2023

An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.

Marshaling, Unmarshaling

Esoteric YamlBeans < 1.15 DoS via YAML Anchor Entity Expansion
CVE-2023-24620 5.5 - Medium - August 25, 2023

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

XXE
