reports/GO-2020-0036.toml - vulndb - Git at Google

 package = "gopkg.in/yaml.v2"

 description = """
 An attacker can craft malicious YAML which will consume significant
 system resources when Unmarshalled.
 """

 cve = "CVE-2019-11254"

 symbols = ["yaml_parser_fetch_more_tokens"]

 [[versions]]
 fixed = "v2.2.8"

 [[additional_packages]]
 package = "github.com/go-yaml/yaml"
 symbols = ["yaml_parser_fetch_more_tokens"]
 [[additional_packages.versions]]
 fixed = "v2.2.8"

 [links]
 commit = "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48"
 pr = "https://github.com/go-yaml/yaml/pull/555"
 context = ["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496"]
	package = "gopkg.in/yaml.v2"

	description = """
	An attacker can craft malicious YAML which will consume significant
	system resources when Unmarshalled.
	"""

	cve = "CVE-2019-11254"

	symbols = ["yaml_parser_fetch_more_tokens"]

	[[versions]]
	fixed = "v2.2.8"

	[[additional_packages]]
	package = "github.com/go-yaml/yaml"
	symbols = ["yaml_parser_fetch_more_tokens"]
	[[additional_packages.versions]]
	fixed = "v2.2.8"

	[links]
	commit = "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48"
	pr = "https://github.com/go-yaml/yaml/pull/555"
	context = ["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496"]