GHSA-r88r-gmrh-7j83

Опубликовано: 28 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

Ссылки

Пакеты

Наименование

gopkg.in/yaml.v2

Затронутые версииВерсия исправления

< 2.2.3

2.2.3

Наименование

github.com/go-yaml/yaml

Затронутые версииВерсия исправления

<= 2.1.0

Отсутствует

EPSS

Процентиль: 16%

0.00053

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2021-4235

Связанные уязвимости

CVE-2021-4235

CVSS3: 5.5

ubuntu

около 3 лет назад

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235

CVSS3: 5.5

redhat

около 3 лет назад

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235

CVSS3: 5.5

nvd

около 3 лет назад

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.