Lucene search

CVE-2021-4235

🗓️ 27 Dec 2022 22:11:15Reported by [email protected]Type

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 47
UbuntuCve	CVE-2021-4235	27 Dec 202200:00	–	ubuntucve
Veracode	Denial Of Service (DoS)	30 Dec 202210:49	–	veracode
Wolfi	CVE-2021-4235 vulnerabilities	27 Dec 202222:15	–	wolfi
Prion	Denial of service	27 Dec 202222:15	–	prion
OSV	CGA-P836-MCW8-43J4	6 Jun 202412:28	–	osv
OSV	CVE-2021-4235	27 Dec 202222:15	–	osv
OSV	GO-2021-0061 Denial of service in gopkg.in/yaml.v2	14 Apr 202120:04	–	osv
OSV	GHSA-R88R-GMRH-7J83 YAML Go package vulnerable to denial of service	28 Dec 202200:30	–	osv
OSV	UBUNTU-CVE-2021-4235	27 Dec 202222:15	–	osv
OSV	DLA-3479-1 golang-yaml.v2 - security update	5 Jul 202300:00	–	osv

Nvd

Node

yaml_project yamlRange<2.2.3go

Source	Link
github	www.github.com/go-yaml/yaml/pull/375
pkg	www.pkg.go.dev/vuln/GO-2021-0061
github	www.github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
lists	www.lists.debian.org/debian-lts-announce/2023/07/msg00001.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Dec 2022 22:15Current

CVSS35.5

EPSS0.00025