CVE-2023-28118 - Unspecified vulnerability in Kaml Project Kaml
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.
References
- https://github.com/charleskorn/kaml/commit/5f82a2d7e00bfc307afca05d1dc4d7c50593531a
- https://github.com/charleskorn/kaml/releases/tag/0.53.0
- https://github.com/charleskorn/kaml/security/advisories/GHSA-c24f-2j3g-rg48