| - module: gopkg.in/yaml.v2 |
| - package: gopkg.in/yaml.v2 |
| - module: github.com/go-yaml/yaml |
| vulnerable_at: 2.1.0+incompatible |
| - package: github.com/go-yaml/yaml |
| summary: Denial of service in gopkg.in/yaml.v2 |
| Due to unbounded alias chasing, a maliciously crafted YAML file can cause the |
| system to consume significant system resources. If parsing user input, this may |
| be used as a denial of service vector. |
| published: 2021-04-14T20:04:52Z |
| - fix: https://github.com/go-yaml/yaml/pull/375 |
| - fix: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 |
| cwe: 'CWE 400: Uncontrolled Resource Consumption' |
| - https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html |