5 matches found
CVE-2026-15007 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...
CVE-2026-15007 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...
CVE-2026-15007
The CVE describes a Denial of Service in GitHub Enterprise Server caused by parsing a repository release notes configuration file with deeply nested YAML, without a nesting depth limit. When release notes are generated, this can consume excessive resources and render the instance unresponsive. Af...
EUVD-2026-45188
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...
GHSA-48C2-RRV3-QJMP yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...