CVE-2017-18640

ADVISORY - github

Summary

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

EPSS Score: 0.02166 (0.839)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADVISORY - github

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

Heap-based Buffer Overflow

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

