org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.
Affected versions of this package are vulnerable to Denial of Service (DoS).
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Note While the Maintainer acknowledges the existence of the issue, they believe it should be solved by sanitizing the inputStream to the parser
There is no fixed version for org.yaml:snakeyaml.
Proof Of Concept