ALAS2023-2023-375 --- snakeyamlID: oval:org.secpod.oval:def:19500413 | Date: (C)2024-01-04 (M)2024-03-20 |
Class: PATCH | Family: unix |
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks . If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks . If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack
Platform: |
Amazon Linux 2023 |