Moderate severityNVD Advisory· Published Aug 25, 2023· Updated Oct 2, 2024
CVE-2023-24620
CVE-2023-24620
Description
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.esotericsoftware.yamlbeans:yamlbeansMaven | <= 1.15 | — |
Affected products
2- Esoteric/YamlBeansdescription
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.