Neverstop opened a new issue #1935: URL: https://github.com/apache/servicecomb-java-chassis/issues/1935
漏洞是SnakeYAML 1.24版本扫描出来的 https://nvd.nist.gov/vuln/detail/CVE-2017-18640 请问这个漏洞使用场景涉及吗? 在加载的时候因为包含大量实体引用的Doc解析,导致Dos ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
