CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-24620

An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.9%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2023-24620

Esotericsoftware » Yamlbeans » Version: 1.05

cpe:2.3:a:esotericsoftware:yamlbeans:1.05
Esotericsoftware » Yamlbeans » Version: 1.06

cpe:2.3:a:esotericsoftware:yamlbeans:1.06
Esotericsoftware » Yamlbeans » Version: 1.07

cpe:2.3:a:esotericsoftware:yamlbeans:1.07
Esotericsoftware » Yamlbeans » Version: 1.08

cpe:2.3:a:esotericsoftware:yamlbeans:1.08
Esotericsoftware » Yamlbeans » Version: 1.09

cpe:2.3:a:esotericsoftware:yamlbeans:1.09
Esotericsoftware » Yamlbeans » Version: 1.10

cpe:2.3:a:esotericsoftware:yamlbeans:1.10
Esotericsoftware » Yamlbeans » Version: 1.11

cpe:2.3:a:esotericsoftware:yamlbeans:1.11
Esotericsoftware » Yamlbeans » Version: 1.12

cpe:2.3:a:esotericsoftware:yamlbeans:1.12
Esotericsoftware » Yamlbeans » Version: 1.13

cpe:2.3:a:esotericsoftware:yamlbeans:1.13
Esotericsoftware » Yamlbeans » Version: 1.14

cpe:2.3:a:esotericsoftware:yamlbeans:1.14
Esotericsoftware » Yamlbeans » Version: 1.15

cpe:2.3:a:esotericsoftware:yamlbeans:1.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-24620

Products

Pricing

Contact Us