Vulnerabilities > CVE-2021-4235 - Unspecified vulnerability in Yaml Project Yaml

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

yaml-project

NVD

Published: 2022-12-27

Updated: 2023-07-06

Summary

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

Vulnerable Configurations

Part	Description	Count
Application	Yaml_Project Yaml Project Yaml 2.0.0 Yaml Project Yaml 2.1.0 Yaml Project Yaml 2.1.1 Yaml Project Yaml 2.2.0 Yaml Project Yaml 2.2.1 Yaml Project Yaml 2.2.2	6

References

https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
https://pkg.go.dev/vuln/GO-2021-0061
https://github.com/go-yaml/yaml/pull/375
https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html