CVE-2017-18640 (severity: important). SUSE data includes 244 source package names (3.3.2-2.3:snakeyaml-1.28-3.5.1, 5.0.0-beta1.2.122:snakeyaml-1.28-3.5.1, …) and 269 product×package rows across 35 product lines (Container containers/apache-pulsar, Container suse/manager/5.0/x86_64/server, …). Status: Known Affected 231, Fixed 38.
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.