30 matches found
Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
Summary dasel's selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as r/abc. A 2-byte input r/ is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8 a...
Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...
GHSA-M5J3-4634-C2VQ Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...
PT-2026-42045
Name of the Vulnerable Software and Affected Versions dasel versions 3.0.0 through 3.3.1 Description The selector lexer contains a flaw that leads to a non-terminating loop when tokenizing an unterminated regex pattern, such as r/. This occurs because the matchRegexPattern closure within the...
PT-2026-42044
Name of the Vulnerable Software and Affected Versions dasel versions 3.0.0 through 3.3.1 Description The selector lexer contains a flaw that causes a process crash via a Go runtime panic when tokenizing a quoted string that ends with a trailing backslash. This occurs because the escape sequence...
CVE-2026-46378
creationtimestamp| type| source ---|---|--- 2026-05-13 20:50:17+00:00| published-proof-of-concept| https://github.com/TomWright/dasel/security/advisories/GHSA-m6xr-fvfg-5g64...
SUSE CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
Linux Distros Unpatched Vulnerability : CVE-2026-33320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel'...
CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
UBUNTU-CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-33320
CVE-2026-33320 affects the Dasel project: versions 3.0.0 through prior to 3.3.1 expose an unbounded CPU/memory denial of service via YAML processing. The flaw lies in Dasel’s UnmarshalYAML implementation, which manually resolves yaml.Node.Alias pointers without any expansion budget, bypassing go-...
CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
Dasel 安全漏洞
Dasel is a command-line data querying and conversion tool developed by Tom Wright. Versions of Dasel from 3.0.0 to 3.3.1 had security vulnerabilities. These vulnerabilities stemmed from the YAML reader’s handling of alias nodes without proper extension restrictions, which could lead to excessive...
GO-2026-4768 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel
Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded expansion of YAML aliases during the process. An attacker can exhaust system resources, causing CPU and memory consumption to spike, by providing crafted YAML input containing deeply nested or...