CVEs-PoC/2017/CVE-2017-18640.md

CVE-2017-18640

Description

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

POC

Reference

• https://bitbucket.org/snakeyaml/snakeyaml/issues/377
• https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes
• https://www.oracle.com/security-alerts/cpuApr2021.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/AwsAlbayati/Software-Security
• https://github.com/GangOf7/WebApp
• https://github.com/adioss/snakeyaml-test
• https://github.com/danielps99/startquarkus
• https://github.com/ytono/gcp-arcade