Esoteric YamlBeans < 1.15 DoS via YAML Anchor Entity Expansion
CVE-2023-24620 Published on August 25, 2023

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

NVD

Products Associated with CVE-2023-24620

Want to know whenever a new CVE is published for Esotericsoftware Yamlbeans? stack.watch will email you.

Esotericsoftware Yamlbeans

Exploit Probability

EPSS

0.02%

Percentile

6.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Esoteric YamlBeans < 1.15 DoS via YAML Anchor Entity ExpansionCVE-2023-24620 Published on August 25, 2023

Products Associated with CVE-2023-24620

Exploit Probability

Esoteric YamlBeans < 1.15 DoS via YAML Anchor Entity Expansion
CVE-2023-24620 Published on August 25, 2023