The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
{ "nvd_published_at": "2019-12-12T03:15:00Z", "cwe_ids": [ "CWE-776" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-06-04T21:34:16Z" }