blob: 6c2034896a64e0643e8b5fb9ae98fbe402dd313e [file] [log] [blame]
packages:
- module: gopkg.in/yaml.v2
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
versions:
- fixed: 2.2.8
- module: github.com/go-yaml/yaml
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
description: |
Due to unbounded aliasing, a crafted YAML file can cause consumption
of significant system resources. If parsing user supplied input, this
may be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2019-11254
ghsas:
- GHSA-wxc4-f4m6-wwqv
links:
pr: https://github.com/go-yaml/yaml/pull/555
commit: https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48
context:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496