reports/GO-2020-0036.toml - vulndb - Git at Google

 module = "gopkg.in/yaml.v2"

 description = """
 An attacker can craft malicious YAML which will consume significant
 system resources when Unmarshalled.
 """

 cve = "CVE-2019-11254"

 symbols = ["yaml_parser_fetch_more_tokens"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v2.2.8"

 # all of the incompatible version of github.com/go-yaml/yaml
 # are affected
 [[additional_packages]]
 module = "github.com/go-yaml/yaml"

 [links]
 commit = "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48"
 pr = "https://github.com/go-yaml/yaml/pull/555"
 context = ["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496"]
	module = "gopkg.in/yaml.v2"

	description = """
	An attacker can craft malicious YAML which will consume significant
	system resources when Unmarshalled.
	"""

	cve = "CVE-2019-11254"

	symbols = ["yaml_parser_fetch_more_tokens"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v2.2.8"

	# all of the incompatible version of github.com/go-yaml/yaml
	# are affected
	[[additional_packages]]
	module = "github.com/go-yaml/yaml"

	[links]
	commit = "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48"
	pr = "https://github.com/go-yaml/yaml/pull/555"
	context = ["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496"]