Lucene search
JpcertCVE-2023-47163HistoryNov 13, 2023 - 3:15 a.m.
CVE-2023-47163
2023-11-1303:15:09
CWE-674
jpcert
web.nvd.nist.gov
34
remarshal
v0.17.1
yaml
alias nodes
billion laughs attack
dos
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
18.8%
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Affected configurations
Node
remarshal_projectremarshalRange<0.17.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| remarshal_project | remarshal | * | cpe:2.3:a:remarshal_project:remarshal:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Remarshal-project",
"product": "Remarshal",
"versions": [
{
"version": "prior to v0.17.1",
"status": "affected"
}
]
}
]Related
veracode
veracode
Denial Of Service (DoS)
2023-11-15 07:06:01
osv
osv
PYSEC-2023-236
2023-11-13 03:15:00
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
2023-11-13 03:30:37
CVE-2023-47163
2023-11-13 03:15:09
prion
prion
Race condition
2023-11-13 03:15:00
jvn
jvn
JVN#86156389: Remarshal unlimitedly expanding YAML alias nodes
2023-11-10 00:00:00
nvd
nvd
CVE-2023-47163
2023-11-13 03:15:09
cvelist
cvelist
CVE-2023-47163
2023-11-13 02:26:42
github
github
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
18.8%
Related for CVE-2023-47163