CVE-2023-24620 Information
Aug 28, 2023
cve
Description
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption such as a Java Out-of-Memory exception.
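A defensive pre-parse check for the anchor expansion described above, as an added example that is not part of the advisory or of YamlBeans: it scans the raw text for anchors (`&name`) and aliases (`*name`) and rejects the document before it reaches a reader if the estimated expansion exceeds a budget. The class name, the regex heuristic, the sample document and the limit are assumptions; aliases are conservatively charged to the most recently defined anchor.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: pre-parse budget check for YAML alias expansion (not YamlBeans code). */
public class AliasBudget {
    // '&name' defines an anchor, '*name' references one. The token must sit at the
    // start of input or directly after whitespace, '[', '{' or ','.
    private static final Pattern TOKEN = Pattern.compile("(?<![^\\s\\[{,])([&*])([\\w-]+)");

    /**
     * Heuristic upper-bound estimate of the nodes copied by alias expansion.
     * Saturates at limit + 1; limit is assumed to be far below Long.MAX_VALUE.
     */
    static long estimateExpandedNodes(String yaml, long limit) {
        Map<String, Long> weight = new HashMap<>(); // anchor name -> estimated expanded size
        String open = null;                         // most recently defined anchor
        long total = 0;
        Matcher m = TOKEN.matcher(yaml);
        while (m.find()) {
            String name = m.group(2);
            if (m.group(1).equals("&")) {
                open = name;
                weight.put(name, 1L);
            } else {
                // Unknown aliases count as one node; the reader will reject them anyway.
                long w = weight.getOrDefault(name, 1L);
                if (open != null && !open.equals(name)) {
                    // Charge the alias to the enclosing (most recent) anchor definition.
                    weight.put(open, Math.min(limit + 1, weight.get(open) + w));
                }
                total = Math.min(limit + 1, total + w);
            }
        }
        return total;
    }

    public static void main(String[] args) {
        // Constructed sample: three small levels, each referencing the previous one twice.
        String sample = "a: &a [x, x]\nb: &b [*a, *a]\nc: &c [*b, *b]\n";
        long limit = 1000; // assumed budget; tune to the largest document you expect
        long estimate = estimateExpandedNodes(sample, limit);
        System.out.println("estimated alias expansion: " + estimate);
        if (estimate > limit) {
            throw new IllegalArgumentException("YAML alias expansion exceeds budget");
        }
        // Only after this check should the text be handed to the YAML reader.
    }
}
```

Because each level multiplies the weight of the one before it, the estimate grows exponentially with nesting depth, which is the property the budget is meant to catch. Pair the check with a cap on input size and a bounded heap for the parsing process.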
Reference
https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md
https://github.com/EsotericSoftware
https://contrastsecurity.com