CVE-2017-18640 - Denial of Service (DoS)

Severity: Low2021-12-08

Security Advisories

Abstract

SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation.

The Oxygen XML products incorporates the SnakeYAML as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion 4.1 and olderLow Oxygen Content Fusion 4.1.2 build 2021112414

Mitigation

None

Detail

CVE-2017-18640

Severity: high

CVSS Score: 7.5

The SnakeYAML third-party library used by Oxygen XML software products is an affected version mentioned in CVE-2017-18640 vulnerability description. However, the Oxygen XML software products use SnakeYAML only to generate YAML files, not to parse YAML files. Therefore Oxygen XML software products are not impacted by CVE-2017-18640.

Starting with Oxygen Content Fusion version 4.1, the SnakeYAML library was removed.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Balisage: The Markup Conference 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor