CVE-2023-47163

Опубликовано: 13 нояб. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.

Ссылки

https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
Patch
https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
Release Notes
https://jvn.jp/en/jp/JVN86156389/
Third Party Advisory
https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
Patch
https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
Release Notes
https://jvn.jp/en/jp/JVN86156389/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:remarshal_project:remarshal:*:*:*:*:*:*:*:*

Версия до 0.17.1 (исключая)

EPSS

Процентиль: 23%

0.00076

Низкий

7.5 High

CVSS3

Дефекты

CWE-674

Связанные уязвимости

GHSA-gw7g-qr8w-3448