SnakeYAML is one of the most widely used YAML parsing libraries in the Java ecosystem, pulled in transitively by frameworks like Spring, Jackson, and countless CI/CD and configuration-management tools. CVE-2017-18640 is a denial-of-service vulnerability in SnakeYAML that lets an attacker crash an application simply by handing it a small, specially crafted YAML document. The flaw stems from SnakeYAML's default parser failing to restrict the size of data structures created through YAML's alias/anchor mechanism, allowing a tiny input to explode into a massive in-memory object graph — a YAML analogue of the classic XML "billion laughs" attack.
Any service that parses untrusted or semi-trusted YAML with a vulnerable SnakeYAML version — a webhook payload, an uploaded configuration file, a Kubernetes manifest, a CI pipeline definition — is a candidate for exploitation. The result is typically an out-of-memory condition or CPU exhaustion that takes the parsing process down.
Affected Versions and Components
- Component:
org.yaml:snakeyaml(the standalone SnakeYAML library for Java) - Affected versions: SnakeYAML releases prior to 1.26
- Fixed version: 1.26, which introduced safeguards against unrestricted alias expansion when parsing untrusted input
- Root cause: SnakeYAML's
Constructordid not limit the number of aliases (references to previously defined anchors) that could be resolved during parsing unless the caller explicitly used a hardened constructor path. An attacker can define a small set of anchors and then reference them recursively, causing the number of resolved objects to grow exponentially relative to the size of the input document.
Because SnakeYAML is rarely a direct, top-level dependency, most organizations are exposed to this CVE transitively. It ships inside:
- Jackson's YAML data format module (
jackson-dataformat-yaml), used by Spring Boot's YAML configuration support and many REST/serialization stacks - Spring Cloud Config and other Spring components that load YAML at runtime
- Build, CI/CD, and infrastructure tooling that accepts YAML configuration (Jenkins plugins, Apache-ecosystem projects, Elasticsearch/Logstash configuration loaders, and others)
- Any custom Java service that calls
new Yaml().load(...)on external input
This transitive exposure is exactly why the CVE persisted in production dependency trees long after a fix existed — teams patched their direct dependencies without realizing an old SnakeYAML jar was still being dragged in three or four levels down.
CVSS, EPSS, and KEV Context
NVD scores CVE-2017-18640 with a CVSS v3.1 base score of 7.5 (High), reflecting a network-exploitable, low-complexity attack that requires no privileges or user interaction and results in a high availability impact with no confidentiality or integrity loss (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). That scoring lines up with the nature of the bug: it is a pure resource-exhaustion denial of service, not a path to code execution or data compromise.
From an exploitation-likelihood standpoint, this CVE has not been associated with widespread, opportunistic mass exploitation the way memory-corruption or deserialization bugs often are — it requires an attacker to be able to deliver a YAML document to a vulnerable parser, which narrows the practical attack surface to applications that accept YAML from external or semi-trusted sources. It does not appear on CISA's Known Exploited Vulnerabilities (KEV) catalog, and its EPSS (Exploit Prediction Scoring System) probability sits well below the range associated with actively-weaponized flaws. That said, low EPSS is not the same as "safe to ignore": DoS bugs in shared parsing libraries are cheap to trigger once a vulnerable version is confirmed, and availability impact on a critical service can still be a serious incident regardless of exploit prevalence.
Timeline
- SnakeYAML's alias-expansion resource-exhaustion behavior was identified and reported to the project as a security concern, leading to a fix in the 1.26 release.
- A CVE identifier, CVE-2017-18640, was later reserved and eventually published to NVD to formally track the issue — the mismatch between the "2017" CVE-ID year and its later public disclosure is a well-known artifact of the CVE numbering process, where an ID is reserved in one year but the record isn't populated and published until later.
- SnakeYAML 1.26 and subsequent releases shipped with mitigations that restrict unbounded alias resolution.
- The story doesn't fully end there: a related follow-up issue, CVE-2022-25857, showed that the original 1.26 fix did not fully close the door on billion-laughs-style YAML bombs targeting collections. The maintainers subsequently introduced an explicit, tunable safeguard —
LoaderOptions.setMaxAliasesForCollections()— starting in SnakeYAML 1.31, giving applications direct control over how many aliases a single document may expand into.
The practical lesson from this timeline is that upgrading past 1.26 addresses the originally reported CVE-2017-18640 behavior, but organizations parsing untrusted YAML should track SnakeYAML's later hardening (1.31+) as well, since the alias-expansion problem space took more than one release to fully mitigate.
Remediation Steps
- Identify every copy of SnakeYAML in your dependency tree, not just direct declarations. Use
mvn dependency:tree/gradle dependencies(or an SBOM/SCA tool) to findorg.yaml:snakeyamlpulled in via Jackson, Spring Boot starters, Elasticsearch client libraries, Jenkins plugins, or other transitive paths. - Upgrade to SnakeYAML 1.26 or later wherever the library is resolved. If it arrives transitively through a parent framework (e.g., Spring Boot or
jackson-dataformat-yaml), upgrade that parent dependency to a version that itself bundles a patched SnakeYAML, or use a dependency-management override to force a safe version across the build. - Prefer 1.31+ and configure
LoaderOptions.setMaxAliasesForCollections()explicitly for any code path that parses YAML from an untrusted or external source. This directly bounds how much a single document can expand, closing the gap left by the original 1.26 fix. - Use
SafeConstructor(or an equivalently restrictiveConstructor) when loading untrusted YAML, and avoid the permissive defaultYaml().load()call on content you don't fully control. - Add resource limits at the application layer — request size caps, parsing timeouts, and memory/CPU quotas for services that process external YAML — as defense in depth against this and future parser-exhaustion bugs.
- Re-verify after upgrading dependency managers, since Maven/Gradle dependency mediation can silently reintroduce an old SnakeYAML version if a different transitive path pins to it.
How Safeguard Helps
CVE-2017-18640 is a textbook example of why supply chain visibility matters more than patching what's in front of you: the vulnerable component is almost never a direct dependency, and most teams discover it buried three or four hops deep in a build they didn't write. Safeguard is built to close exactly that gap.
- Full transitive dependency visibility. Safeguard builds a complete, continuously updated software bill of materials (SBOM) for your applications, so a stale
org.yaml:snakeyamljar pulled in through Jackson, Spring Boot, or a CI plugin is surfaced automatically — no manualdependency:treearchaeology required. - Context-aware risk prioritization. Rather than treating every CVE alike, Safeguard correlates CVSS severity, EPSS exploitation likelihood, and CISA KEV status so your team can see that CVE-2017-18640 is a real availability risk worth fixing, without letting it drown out genuinely actively-exploited vulnerabilities elsewhere in your stack.
- Reachability and exposure analysis. Safeguard helps determine whether your application actually parses untrusted YAML through the vulnerable code path, so remediation effort goes first to services genuinely exposed to attacker-controlled input rather than every service that merely has the jar on the classpath.
- Continuous monitoring for follow-on issues. Because vulnerabilities like this one evolved across multiple releases (1.26, then 1.31 for the more complete fix), Safeguard tracks version-specific advisories over time so a "patched" dependency doesn't quietly drift back into vulnerable territory as new related CVEs are disclosed.
- Policy-driven enforcement. Teams can set gates that block builds or deployments introducing known-vulnerable SnakeYAML versions, preventing regression even when the library re-enters the tree through an unrelated upgrade elsewhere in the dependency graph.
Denial-of-service bugs in shared parsing libraries rarely make headlines, but they are exactly the kind of deep, transitive risk that traditional dependency checks miss. Safeguard's SBOM-driven approach ensures vulnerabilities like CVE-2017-18640 are found, prioritized correctly, and don't silently resurface in your software supply chain.