alvarosanchez/grails-spring-security-rest

Vulnerabilities: 1 via 6 paths
Dependencies: 38
Source: GitHub
Commit: fffda0b4

medium severity

Denial of Service (DoS)

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.grails:grails-core@4.0.1

Detailed paths

  • Introduced through: alvarosanchez/grails-spring-security-rest@alvarosanchez/grails-spring-security-rest#fffda0b4a836d5bde94cc3d66d1e6fe123347cc9 > org.grails:grails-core@4.0.1 > io.micronaut:micronaut-inject@1.1.4 > org.yaml:snakeyaml@1.23
  • Introduced through: alvarosanchez/grails-spring-security-rest@alvarosanchez/grails-spring-security-rest#fffda0b4a836d5bde94cc3d66d1e6fe123347cc9 > org.grails:grails-core@4.0.1 > org.grails:grails-bootstrap@4.0.1 > org.yaml:snakeyaml@1.23
  • Introduced through: alvarosanchez/grails-spring-security-rest@alvarosanchez/grails-spring-security-rest#fffda0b4a836d5bde94cc3d66d1e6fe123347cc9 > org.grails:grails-core@4.0.1 > io.micronaut.spring:micronaut-spring-context@1.0.2 > io.micronaut:micronaut-inject@1.1.4 > org.yaml:snakeyaml@1.23
  • Introduced through: alvarosanchez/grails-spring-security-rest@alvarosanchez/grails-spring-security-rest#fffda0b4a836d5bde94cc3d66d1e6fe123347cc9 > org.grails:grails-core@4.0.1 > io.micronaut.spring:micronaut-spring-context@1.0.2 > io.micronaut:micronaut-aop@1.0.4 > io.micronaut:micronaut-inject@1.1.4 > org.yaml:snakeyaml@1.23
  • Introduced through: alvarosanchez/grails-spring-security-rest@alvarosanchez/grails-spring-security-rest#fffda0b4a836d5bde94cc3d66d1e6fe123347cc9 > org.grails:grails-core@4.0.1 > io.micronaut.spring:micronaut-spring-context@1.0.2 > io.micronaut:micronaut-spring@1.0.4 > io.micronaut:micronaut-inject@1.1.4 > org.yaml:snakeyaml@1.23
  • Introduced through: alvarosanchez/grails-spring-security-rest@alvarosanchez/grails-spring-security-rest#fffda0b4a836d5bde94cc3d66d1e6fe123347cc9 > org.grails:grails-core@4.0.1 > io.micronaut.spring:micronaut-spring-context@1.0.2 > io.micronaut:micronaut-spring@1.0.4 > io.micronaut:micronaut-aop@1.0.4 > io.micronaut:micronaut-inject@1.1.4 > org.yaml:snakeyaml@1.23

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Denial of Service (DoS). The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Note: While the maintainer acknowledges the existence of the issue, they believe it should be solved by sanitizing the inputStream to the parser.

Remediation

There is no fixed version for org.yaml:snakeyaml.
