Описание
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Will not fix | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-controller-rhel8 | Will not fix | ||
| Node Maintenance Operator | workload-availability/node-maintenance-rhel8-operator | Not affected | ||
| OpenShift Developer Tools and Services | helm | Not affected | ||
| OpenShift Developer Tools and Services | odo | Affected | ||
| OpenShift Pipelines | openshift-pipelines-client | Will not fix | ||
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Will not fix | ||
| OpenShift Serverless | openshift-serverless-1/kn-cli-artifacts-rhel8 | Will not fix | ||
| OpenShift Serverless | openshift-serverless-clients | Will not fix | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-cni-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...
EPSS
5.5 Medium
CVSS3