21 matches found
EUVD-2021-2055
Malware in sbrugna...
EUVD-2023-0975
Malicious code in bioql PyPI...
CVE-2023-28118
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2021-39194
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
Denial Of Service (DoS)
kaml is vulnerable to Denial of Service (DoS). The vulnerability exists because the library by default parses anchors and alias tags, which allows an attacker to cause a billion-laughs-style attack by providing malicious input, leading to an application crash...
kaml has potential denial of service while parsing input with anchors and aliases
Impact: Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Patches: Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. Workarounds: None. References: Wikipedia has an explanation ...
GHSA-C24F-2J3G-RG48 kaml has potential denial of service while parsing input with anchors and aliases
Impact: Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Patches: Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. Workarounds: None. References: Wikipedia has an explanation ...
CVE-2023-28118
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
Design/Logic Flaw
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2023-28118
Kaml is a YAML support library for kotlinx.serialization. The vulnerability CVE-2023-28118 affects versions prior to 0.53.0, where parsing untrusted input containing anchors and aliases can cause memory exhaustion and a crash (DoS). Starting from 0.53.0, the library refuses to parse YAML document...
charleskorn kaml security vulnerability
charleskorn kaml is an open source implementation of the YAML format with support for kotlinx.serialization. A security vulnerability exists in kaml versions prior to 0.53.0, which stems from a possible denial of service when parsing input using anchors and aliases...
PT-2023-21575 · Kaml · Kaml
Name of the Vulnerable Software and Affected Versions: kaml versions prior to 0.53.0. Description: The issue affects applications that use kaml to parse untrusted input containing anchors and aliases, potentially leading to excessive memory consumption and crashes. This is related to a class of...
GHSA-FMM9-3GV8-58F4 Improper Handling of Missing Values in kaml
Impact: Attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with t...
Improper Handling of Missing Values in kaml
Impact: Attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with t...
CVE-2021-39194
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
Design/Logic Flaw
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
CVE-2021-39194
CVE-2021-39194 affects kaml, an open-source YAML implementation with kotlinx.serialization support. The issue occurs when processing YAML input for polymorphic types using the default tagged polymorphism style: YAML input that provides a tag but no value can cause the parser to loop indefinitely,...
CVE-2021-39194 Denial of service while parsing polymorphic input with tagged polymorphism style in kaml
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...