CVE-2021-4235

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yaml_project:yaml:*:*:*:*:*:go:*:*

History

21 Nov 2024, 06:37

Type Values Removed Values Added
Summary
  • (es) Debido a la búsqueda ilimitada de alias, un archivo YAML creado con fines malintencionados puede hacer que el sistema consuma importantes recursos. Si se analiza la entrada del usuario, esto se puede utilizar como un vector de denegación de servicio.
References () https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 - Patch, Third Party Advisory () https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 - Patch, Third Party Advisory
References () https://github.com/go-yaml/yaml/pull/375 - Exploit, Patch, Third Party Advisory () https://github.com/go-yaml/yaml/pull/375 - Exploit, Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html - () https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html -
References () https://pkg.go.dev/vuln/GO-2021-0061 - Third Party Advisory () https://pkg.go.dev/vuln/GO-2021-0061 - Third Party Advisory

Information

Published : 2022-12-27 22:15

Updated : 2025-04-11 17:15


NVD link : CVE-2021-4235

Mitre link : CVE-2021-4235

CVE.ORG link : CVE-2021-4235


JSON object : View

Products Affected

yaml_project

  • yaml