Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. When user input is parsed, this may be used as a denial-of-service vector.
References
Link | Resource |
---|---|
https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 | Patch, Third Party Advisory |
https://github.com/go-yaml/yaml/pull/375 | Exploit, Patch, Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html | |
https://pkg.go.dev/vuln/GO-2021-0061 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Go
Published: 2022-12-27T21:13:42.393Z
Updated: 2023-06-12T19:04:08.123Z
Reserved: 2022-07-29T18:56:20.415Z
Link: CVE-2021-4235
NVD Information
Status: Modified
Published: 2022-12-27T22:15:11.960
Modified: 2023-07-06T00:15:09.707
Link: CVE-2021-4235
Redhat Information
No data.
CWE