MidnightBSD

Advisories for yaml_project

CVE-2021-4235

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

Products Affected

Vendor Product Version
yaml_project yaml *
CVE-2022-28948 MEDIUM

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
netapp astra_trident -
yaml_project yaml 3.0.0
CVE-2022-3064

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

Products Affected

Vendor Product Version
yaml_project yaml *
CVE-2023-2251

Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.

Products Affected

Vendor Product Version
yaml_project yaml *