Lucene search
+L

5 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 6:55 p.m.3 views

js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU ti...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/30 10:56 p.m.4 views

js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document

A flaw was found in js-yaml, a JavaScript YAML YAML Ain't Markup Language parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service DoS for applications processing the malicious...

7.5CVSS6.4AI score0.00358EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/02/12 10:26 a.m.8 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.5 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
Redos
Redos
added 2021/09/08 12:0 a.m.4 views

ROS-2-2163

2.2163 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

10CVSS8.1AI score0.05984EPSS
Exploits1
Rows per page
Query Builder