suse · CVE-2017-18640

Quick triage

Priority: high · Published: 2021-05-30 14:05:49 UTC · Updated: 2026-04-17 15:47:03 UTC

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

SUSE rates CVE-2017-18640 as severity important. The tracker lists 244 source package names (3.3.2-2.3:snakeyaml-1.28-3.5.1, 5.0.0-beta1.2.122:snakeyaml-1.28-3.5.1, …) and 269 product×package rows across 35 product lines (Container containers/apache-pulsar, Container suse/manager/5.0/x86_64/server, …). Status counts: Known Affected 231, Fixed 38.

Description:

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
