reports/GO-2021-0061.yaml - vulndb - Git at Google

 packages:
   - module: gopkg.in/yaml.v2
     symbols:
       - decoder.unmarshal
     derived_symbols:
       - Decoder.Decode
       - Unmarshal
       - UnmarshalStrict
     versions:
       - fixed: 2.2.3
   - module: github.com/go-yaml/yaml
     symbols:
       - decoder.unmarshal
     derived_symbols:
       - Decoder.Decode
       - Unmarshal
       - UnmarshalStrict
 description: |
     Due to unbounded alias chasing, a maliciously crafted YAML file
     can cause the system to consume significant system resources. If
     parsing user input, this may be used as a denial of service vector.
 cve_metadata:
     id: CVE-2021-4235
     cwe: "CWE 400: Uncontrolled Resource Consumption"
 published: 2021-04-14T20:04:52Z
 credit: '@simonferquel'
 links:
     pr: https://github.com/go-yaml/yaml/pull/375
     commit: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
	packages:
	- module: gopkg.in/yaml.v2
	symbols:
	- decoder.unmarshal
	derived_symbols:
	- Decoder.Decode
	- Unmarshal
	- UnmarshalStrict
	versions:
	- fixed: 2.2.3
	- module: github.com/go-yaml/yaml
	symbols:
	- decoder.unmarshal
	derived_symbols:
	- Decoder.Decode
	- Unmarshal
	- UnmarshalStrict
	description: \|
	Due to unbounded alias chasing, a maliciously crafted YAML file
	can cause the system to consume significant system resources. If
	parsing user input, this may be used as a denial of service vector.
	cve_metadata:
	id: CVE-2021-4235
	cwe: "CWE 400: Uncontrolled Resource Consumption"
	published: 2021-04-14T20:04:52Z
	credit: '@simonferquel'
	links:
	pr: https://github.com/go-yaml/yaml/pull/375
	commit: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241