9 matches found
Design/Logic Flaw
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
CVE-2023-28118
Kaml is a YAML support library for kotlinx.serialization. The vulnerability CVE-2023-28118 affects versions prior to 0.53.0, where parsing untrusted input containing anchors and aliases can cause memory exhaustion and a crash (DoS). Starting from 0.53.0, the library refuses to parse YAML document...
CVE-2021-39194
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
CVE-2021-39194
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
Design/Logic Flaw
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...
CVE-2021-39194
CVE-2021-39194 affects kaml, an open-source YAML implementation with kotlinx.serialization support. The issue occurs when processing YAML input for polymorphic types using the default tagged polymorphism style: YAML input that provides a tag but no value can cause the parser to loop indefinitely,...
CVE-2021-39194 Denial of service while parsing polymorphic input with tagged polymorphism style in kaml
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...