Lucene search
GitHub Advisory DatabaseGHSA-R88R-GMRH-7J83HistoryDec 28, 2022 - 12:30 a.m.
YAML Go package vulnerable to denial of service
2022-12-2800:30:23
GitHub Advisory Database
github.com
38
yaml
go
package
vulnerability
denial of service
user input
system resources
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.3%
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Affected configurations
Node
github.com\/goyaml\/yamlRange≤2.1.0
ORgopkg.inyaml.v2Range<2.2.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/go-yaml/yaml | le | 2.1.0 | |
| gopkg.in/yaml.v2 | lt | 2.2.3 |
Related
veracode
veracode
Denial Of Service (DoS)
2022-12-30 10:49:32
ubuntucve
ubuntucve
CVE-2021-4235
2022-12-27 00:00:00
wolfi
wolfi
CVE-2021-4235 vulnerabilities
2024-07-09 03:08:46
osv
osv
Denial of service in gopkg.in/yaml.v2
2021-04-14 20:04:52
YAML Go package vulnerable to denial of service
2022-12-28 00:30:23
CVE-2021-4235
2022-12-27 22:15:11
cve
cve
CVE-2021-4235
2022-12-27 22:15:11
cvelist
cvelist
CVE-2021-4235 Denial of service in gopkg.in/yaml.v2
2022-12-27 21:13:42
redhat
redhat
gitlab
gitlab
Uncontrolled Resource Consumption
2022-12-27 00:00:00
YAML Go package vulnerable to denial of service
2022-12-28 00:00:00
nvd
nvd
CVE-2021-4235
2022-12-27 22:15:11
debiancve
debiancve
CVE-2021-4235
2022-12-27 22:15:11
cbl_mariner
cbl_mariner
CVE-2021-4235 affecting package etcd 3.5.1-6
2022-12-27 17:58:52
cgr
cgr
CVE-2021-4235 vulnerabilities
2024-05-19 03:07:16
prion
prion
Denial of service
2022-12-27 22:15:00
redhatcve
redhatcve
CVE-2021-4235
2022-12-28 11:35:02
openvas
openvas
Debian: Security Advisory (DLA-3479-1)
2023-07-06 00:00:00
Ubuntu: Security Advisory (USN-6287-1)
2023-08-14 00:00:00
nessus
nessus
Debian DLA-3479-1 : golang-yaml.v2 - LTS security update
2023-07-06 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
2024-04-28 00:00:00
ubuntu
ubuntu
Go yaml vulnerabilities
2023-08-14 00:00:00
debian
debian
[SECURITY] [DLA 3479-1] golang-yaml.v2 security update
2023-07-05 20:29:31
ibm
ibm
Security Bulletin: IBM Planning Analytics Connector for SAP is affected by security vulnerabilities
2024-04-02 18:29:22
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego
2023-08-29 21:46:23
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.3%
Related for GHSA-R88R-GMRH-7J83