9 matches found
CVE-2019-1010183
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...
RUSTSEC-2024-0359 The kstring integration in gix-attributes is unsound
gix-attributes (in state::ValueRef) unsafely creates a &str from a &[u8] containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: // SAFETY: our API makes accessing that value as str impossible, so illformed...
BeerHolderBot (>=0.3.5 <=0.3.8), BiliupApi (>=0.1.0 <=0.1.7) +2438 more potentially affected by unknown CVE via serde_yaml (>=0.6.2 <=0.8.26)
serde_yaml CARGO version =0.6.2, =0.3.5, =0.1.0, =0.1.0, =0.0.9, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.1.1, =0.1.1, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-39VW-QP34-RMWF...
serde-yaml denial of service vulnerability
serde-yaml is a Rust library that supports the use of both the Serde serialization framework and data in YAML format. A security vulnerability exists in serde serde_yaml versions 0.6.0 through 0.8.3. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2019-1010183
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...
CVE-2019-1010183
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...
Deserialization of untrusted data
serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later...
CVE-2019-1010183
The CVE-2019-1010183 entry concerns the Rust serde_yaml library (versions 0.6.0–0.8.3). The root cause is Uncontrolled Recursion in the from_* deserialization functions, enabling a Denial of Service when parsing a malicious YAML file. The impact is described as availability impact (Partial in CVS...
BeerHolderBot (>=0.3.5 <=0.3.8), BiliupApi (>=0.1.0 <=0.1.7) +2438 more potentially affected by unknown CVE via serde_yaml (>=0.6.2 <=0.8.26)
serde_yaml CARGO version =0.6.2, =0.3.5, =0.1.0, =0.1.0, =0.0.9, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.1.1, =0.1.1, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2018-0005...