Google Git
Sign in
go / vulndb / 3b6f478b08bc3fdc340cc96c4e0e75735f618854 / . / data / osv / GO-2020-0036.json
blob: f59d42e914de35941f9ab55d55ab54a89cafccd8 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2020-0036",
"modified": "0001-01-01T00:00:00Z",
"published": "2021-04-14T20:04:52Z",
"aliases": [
"CVE-2019-11254",
"GHSA-wxc4-f4m6-wwqv"
],
"summary": "Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2",
"details": "Due to unbounded aliasing, a crafted YAML file can cause consumption of significant system resources. If parsing user supplied input, this may be used as a denial of service vector.",
"affected": [
{
"package": {
"name": "gopkg.in/yaml.v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.8"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "gopkg.in/yaml.v2",
"symbols": [
"Decoder.Decode",
"Unmarshal",
"UnmarshalStrict",
"yaml_parser_decrease_flow_level",
"yaml_parser_fetch_more_tokens",
"yaml_parser_fetch_stream_start",
"yaml_parser_fetch_value",
"yaml_parser_remove_simple_key",
"yaml_parser_save_simple_key"
]
}
]
}
},
{
"package": {
"name": "github.com/go-yaml/yaml",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/go-yaml/yaml",
"symbols": [
"Decoder.Decode",
"Unmarshal",
"UnmarshalStrict",
"yaml_parser_decrease_flow_level",
"yaml_parser_fetch_more_tokens",
"yaml_parser_fetch_stream_start",
"yaml_parser_fetch_value",
"yaml_parser_remove_simple_key",
"yaml_parser_save_simple_key"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/go-yaml/yaml/pull/555"
},
{
"type": "FIX",
"url": "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2020-0036"
}
}