CVE-2020-1953: 
Oracle Database Server vulnerability analysis and mitigation

Apache Commons Configuration versions 2.2 through 2.6 contained a vulnerability related to YAML file parsing. The vulnerability was discovered by Daniel Kalinowski of ISEC.pl Research Team and was assigned CVE-2020-1953. The issue affected the library's handling of YAML files through a third-party parser that allowed class instantiation by default (OpenWall, CVE Mitre).

The vulnerability stems from Apache Commons Configuration's use of a third-party library for parsing YAML files, which by default allows the instantiation of classes when the YAML includes special statements. The default settings of this library were not modified in versions 2.2 through 2.6, creating a potential security risk. The severity was rated as Moderate (OpenWall).

If a YAML file is loaded from an untrusted source, it could lead to arbitrary code execution outside the control of the host application. This could potentially allow attackers to execute malicious code through specially crafted YAML files (CVE Mitre, OpenWall).

Users should upgrade to Apache Commons Configuration version 2.7 or later, which prevents class instantiation by the YAML processor. This version addresses the vulnerability by changing the default settings of the YAML parsing library (OpenWall).