reports/GO-2021-0061.toml - vulndb - Git at Google

 module = "gopkg.in/yaml.v2"

 description = """
 A maliciously crafted input can cause resource exhaustion due to
 alias chasing.
 """

 credit = "@simonferquel"

 symbols = ["decoder.unmarshal"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v2.2.3"

 # all of the incompatible version of github.com/go-yaml/yaml
 # are affected
 [[additional_packages]]
 module = "github.com/go-yaml/yaml"

 [links]
 commit = "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241"
 pr = "https://github.com/go-yaml/yaml/pull/375"
	module = "gopkg.in/yaml.v2"

	description = """
	A maliciously crafted input can cause resource exhaustion due to
	alias chasing.
	"""

	credit = "@simonferquel"

	symbols = ["decoder.unmarshal"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v2.2.3"

	# all of the incompatible version of github.com/go-yaml/yaml
	# are affected
	[[additional_packages]]
	module = "github.com/go-yaml/yaml"

	[links]
	commit = "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241"
	pr = "https://github.com/go-yaml/yaml/pull/375"