Lucene search
+L

34 matches found

osv
osv
added 2026/03/24 12:6 a.m.10 views

CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...

6.2CVSS6.4AI score0.00211EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/03/24 12:0 a.m.9 views

Dasel 安全漏洞

Dasel is a command-line data querying and conversion tool developed by Tom Wright. Versions of Dasel from 3.0.0 to 3.3.1 had security vulnerabilities. These vulnerabilities stemmed from the YAML reader’s handling of alias nodes without proper extension restrictions, which could lead to excessive...

6.2CVSS6.4AI score0.00211EPSS
Exploits1References1
snyk
snyk
added 2026/03/23 6:14 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded expansion of YAML aliases during the process. An attacker can exhaust system resources, causing CPU and memory consumption to spike, by providing crafted YAML input containing deeply nested or...

6.9CVSS5.9AI score0.00211EPSS
Exploits1References3
osv
osv
added 2026/03/23 6:14 p.m.3 views

GO-2026-4768 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel...

6.2CVSS5.8AI score0.00211EPSS
Exploits1References1
osv
osv
added 2026/03/19 12:50 p.m.4 views

GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

6.2CVSS5.9AI score0.00211EPSS
Exploits1References3
github
github
added 2026/03/19 12:50 p.m.6 views

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

6.2CVSS5.9AI score0.00211EPSS
Exploits1References3Affected Software1
cbl_mariner
cbl_mariner
added 2026/03/10 10:56 p.m.3 views

CVE-2025-47911 affecting package dasel for versions less than 2.8.1-3

CVE-2025-47911 affecting package dasel for versions less than 2.8.1-3. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/03/10 10:56 p.m.6 views

CVE-2025-58190 affecting package dasel for versions less than 2.8.1-3

CVE-2025-58190 affecting package dasel for versions less than 2.8.1-3. A patched version of the package is available...

5.3CVSS5.8AI score0.00482EPSS
Exploits1
osv
osv
added 2026/02/05 6:16 p.m.8 views

AZL-76925 CVE-2025-58190 affecting package dasel 2.8.1-2

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS5.7AI score0.00482EPSS
Exploits1References1
osv
osv
added 2026/02/05 6:16 p.m.7 views

AZL-76922 CVE-2025-47911 affecting package dasel 2.8.1-2

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
cbl_mariner
cbl_mariner
added 2025/07/10 3:9 p.m.8 views

CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2

CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2. A patched version of the package is available...

5.3CVSS7.3AI score0.00874EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2025/07/10 3:9 p.m.6 views

CVE-2025-22872 affecting package dasel for versions less than 2.8.1-2

CVE-2025-22872 affecting package dasel for versions less than 2.8.1-2. A patched version of the package is available...

6.5CVSS7.3AI score0.00478EPSS
Exploits0
osv
osv
added 2025/04/16 6:16 p.m.4 views

AZL-64185 CVE-2025-22872 affecting package dasel for versions less than 2.8.1-2

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.00478EPSS
Exploits0References1
osv
osv
added 2024/12/18 9:15 p.m.6 views

AZL-64182 CVE-2024-45338 affecting package dasel for versions less than 2.8.1-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.6AI score0.00874EPSS
Exploits0References1
Rows per page
Query Builder