EngineHub/CommandHelper

Vulnerabilities 1 via 1 paths
Dependencies 40
Source GitHub
Commit 533b5ab9


medium severity

Denial of Service (DoS)

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.yaml:snakeyaml@1.20

Detailed paths

  • Introduced through: EngineHub/CommandHelper@EngineHub/CommandHelper#533b5ab9df885fa125f9b441065eedab7d1e3af9 org.yaml:snakeyaml@1.20

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Denial of Service (DoS). The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, an issue related to CVE-2003-1564.

Note: While the maintainer acknowledges the existence of the issue, they believe it should be solved by sanitizing the input stream passed to the parser.

Remediation

There is no fixed version for org.yaml:snakeyaml.
