Lucene search
GoCVELIST:CVE-2021-4235HistoryDec 27, 2022 - 9:13 p.m.
CVE-2021-4235 Denial of service in gopkg.in/yaml.v2
2022-12-2721:13:42
Go
www.cve.org
2
cve-2021-4235
denial of service
gopkg.in/yaml.v2
unbounded alias chasing
maliciously crafted yaml file
system resources
user input
dos vector
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
CNA Affected
[
{
"vendor": "gopkg.in/yaml.v2",
"product": "gopkg.in/yaml.v2",
"collectionURL": "https://pkg.go.dev",
"packageName": "gopkg.in/yaml.v2",
"versions": [
{
"version": "0",
"lessThan": "2.2.3",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "decoder.unmarshal"
},
{
"name": "Decoder.Decode"
},
{
"name": "Unmarshal"
},
{
"name": "UnmarshalStrict"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "github.com/go-yaml/yaml",
"product": "github.com/go-yaml/yaml",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/go-yaml/yaml",
"programRoutines": [
{
"name": "decoder.unmarshal"
},
{
"name": "Decoder.Decode"
},
{
"name": "Unmarshal"
},
{
"name": "UnmarshalStrict"
}
],
"defaultStatus": "affected"
}
]Related
ubuntucve
ubuntucve
CVE-2021-4235
2022-12-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-12-30 10:49:32
wolfi
wolfi
CVE-2021-4235 vulnerabilities
2024-07-09 09:08:46
gitlab
gitlab
Uncontrolled Resource Consumption
2022-12-27 00:00:00
YAML Go package vulnerable to denial of service
2022-12-28 00:00:00
osv
osv
CVE-2021-4235
2022-12-27 22:15:11
Denial of service in gopkg.in/yaml.v2
2021-04-14 20:04:52
YAML Go package vulnerable to denial of service
2022-12-28 00:30:23
debiancve
debiancve
CVE-2021-4235
2022-12-27 22:15:11
nvd
nvd
CVE-2021-4235
2022-12-27 22:15:11
cbl_mariner
cbl_mariner
CVE-2021-4235 affecting package etcd 3.5.1-6
2022-12-27 17:58:52
cve
cve
CVE-2021-4235
2022-12-27 22:15:11
github
github
YAML Go package vulnerable to denial of service
2022-12-28 00:30:23
redhat
redhat
cgr
cgr
CVE-2021-4235 vulnerabilities
2024-05-19 03:07:16
prion
prion
Denial of service
2022-12-27 22:15:00
redhatcve
redhatcve
CVE-2021-4235
2022-12-28 11:35:02
nessus
nessus
Debian DLA-3479-1 : golang-yaml.v2 - LTS security update
2023-07-06 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
2024-04-28 00:00:00
ubuntu
ubuntu
Go yaml vulnerabilities
2023-08-14 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3479-1)
2023-07-06 00:00:00
Ubuntu: Security Advisory (USN-6287-1)
2023-08-14 00:00:00
debian
debian
[SECURITY] [DLA 3479-1] golang-yaml.v2 security update
2023-07-05 20:29:31
ibm
ibm
Security Bulletin: IBM Planning Analytics Connector for SAP is affected by security vulnerabilities
2024-04-02 18:29:22
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego
2023-08-29 21:46:23
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48