ID CVE-2017-18640
Summary The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
References
Vulnerable Configurations
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:snakeyaml_project:snakeyaml:1.25:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:candidate_release2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.0:cr2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:candidate_release2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.0:cr2:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quarkus:quarkus:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-04-2022 - 15:46)
Impact:
Exploitability:
CWE CWE-776
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1785376
title CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • comment prometheus-jmx-exporter is earlier than 0:0.12.0-6.el8
      oval oval:com.redhat.rhsa:tst:20204807001
    • comment prometheus-jmx-exporter is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20204807002
rhsa
id RHSA-2020:4807
released 2020-11-04
severity Moderate
title RHSA-2020:4807: prometheus-jmx-exporter security update (Moderate)
rpms prometheus-jmx-exporter-0:0.12.0-6.el8
refmap via4
fedora
  • FEDORA-2020-23012fafbc
  • FEDORA-2020-599514b47e
misc
mlist
  • [atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)
  • [atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)
  • [atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640
  • [atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640
  • [cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix
  • [cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE
  • [hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.
  • [hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.
  • [hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640
  • [pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26
  • [pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26
  • [pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26
  • [pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26
Last major update 18-04-2022 - 15:46
Published 12-12-2019 - 03:15
Last modified 18-04-2022 - 15:46