CVE

GHSA-rvwf-54qp-4r6v

SnakeYAML Entity Expansion during load operation

Back to all

CVE

GHSA-rvwf-54qp-4r6v

SnakeYAML Entity Expansion during load operation

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

Related Resources

No items found.

References

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.02166%

EPSS Percentile

0.8382%

Introduced Version

1.4

Fix Available

1.26

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-rvwf-54qp-4r6v

GHSA-rvwf-54qp-4r6v

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly