34 matches found
CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
Dasel 安全漏洞
Dasel is a command-line data querying and conversion tool developed by Tom Wright. Versions of Dasel from 3.0.0 to 3.3.1 had security vulnerabilities. These vulnerabilities stemmed from the YAML reader’s handling of alias nodes without proper extension restrictions, which could lead to excessive...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded expansion of YAML aliases during the process. An attacker can exhaust system resources, causing CPU and memory consumption to spike, by providing crafted YAML input containing deeply nested or...
GO-2026-4768 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel...
GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...
CVE-2025-47911 affecting package dasel for versions less than 2.8.1-3
CVE-2025-47911 affecting package dasel for versions less than 2.8.1-3. A patched version of the package is available...
CVE-2025-58190 affecting package dasel for versions less than 2.8.1-3
CVE-2025-58190 affecting package dasel for versions less than 2.8.1-3. A patched version of the package is available...
AZL-76925 CVE-2025-58190 affecting package dasel 2.8.1-2
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76922 CVE-2025-47911 affecting package dasel 2.8.1-2
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2
CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2. A patched version of the package is available...
CVE-2025-22872 affecting package dasel for versions less than 2.8.1-2
CVE-2025-22872 affecting package dasel for versions less than 2.8.1-2. A patched version of the package is available...
AZL-64185 CVE-2025-22872 affecting package dasel for versions less than 2.8.1-2
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-64182 CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...