https://bugzilla.redhat.com/show_bug.cgi?id=1785376
Bug ID: 1785376
Summary: CVE-2017-18640 snakeyaml: the alias feature entity
expansion during a load operation
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: decathorpe(a)gmail.com, hhorak(a)redhat.com,
jaromir.capik(a)email.cz, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jorton(a)redhat.com, mizdebsk(a)redhat.com, mo(a)morsi.org,
stewardship-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Other

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load
operation, a related issue to CVE-2003-1564.

Reference:
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for...