RedHat snakeyaml CVE-2017-18640 XML Entity Expansion Vulnerability

description-logoDescription

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fix(es): * snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

affected-products-logoAffected Applications

snakeyaml

CVE References

CVE-2017-18640