
12 matches found

CVE
added 2026/03/24 12:6 a.m. · 8 views

CVE-2026-33320

CVE-2026-33320 affects the Dasel project: versions from 3.0.0 up to, but not including, 3.3.1 expose an unbounded CPU/memory denial of service via YAML processing. The flaw lies in Dasel’s UnmarshalYAML implementation, which manually resolves yaml.Node.Alias pointers without any expansion budget, bypassing go-...

CVSS 6.2 · AI score 5.8 · EPSS 0.00211
Exploits: 1 · References: 1 · Affected Software: 1
Snyk
added 2026/03/23 6:14 p.m. · 4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded expansion of YAML aliases during the process. An attacker can exhaust system resources, causing CPU and memory consumption to spike, by providing crafted YAML input containing deeply nested or...

CVSS 6.9 · AI score 5.9 · EPSS 0.00211
Exploits: 1 · References: 3
NVD
added 2026/03/06 4:16 a.m. · 8 views

CVE-2026-27807

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...

CVSS 4.9 · EPSS 0.00284
Exploits: 0 · References: 2
EUVD
added 2026/03/06 2:48 a.m. · 4 views

EUVD-2026-9968

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...

CVSS 4.9 · AI score 5.8 · EPSS 0.00284
Exploits: 0 · References: 2
Cvelist
added 2026/03/06 2:48 a.m. · 30 views

CVE-2026-27807 MarkUs: YAML alias (‘billion laughs’) DoS in config upload

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...

CVSS 4.9 · EPSS 0.00284
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 9:10 a.m. · 2 views

CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

CVSS 4.3 · AI score 6.9 · EPSS 0.00494
Exploits: 0 · References: 1
OSV
added 2024/08/02 11:8 a.m. · 4 views

OESA-2024-1938 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote Do...

CVSS 4.3 · AI score 6.7 · EPSS 0.00494
Exploits: 0 · References: 2
OSV
added 2024/06/28 11:8 a.m. · 4 views

OESA-2024-1780 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote Do...

CVSS 4.3 · AI score 6.7 · EPSS 0.00494
Exploits: 0 · References: 2
SUSE CVE
added 2024/06/04 12:18 p.m. · 2 views

SUSE CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

CVSS 4.3 · AI score 7 · EPSS 0.00494
Exploits: 0 · References: 6
CVE
added 2024/05/29 8:18 p.m. · 83 views

CVE-2024-35221

CVE-2024-35221 targets Rubygems.org’s gem publishing workflow. A Gem publisher could trigger a Remote DoS by publishing a Gem whose metadata is parsed with Gem::Specification.from_yaml, which uses SafeYAML.load and permits YAML aliases, enabling YAML-bomb style DoS. The issue is documented as pat...

CVSS 4.3 · AI score 4.5 · EPSS 0.00494
Exploits: 0 · References: 3
Cvelist
added 2024/05/29 8:18 p.m. · 55 views

CVE-2024-35221 Denial of service when publishing a package on rubygems.org

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

CVSS 4.3 · AI score 4.6 · EPSS 0.00494
Exploits: 0 · References: 3
Positive Technologies
added 2023/03/20 12:0 a.m. · 4 views

PT-2023-21575 · Kaml · Kaml

Name of the Vulnerable Software and Affected Versions: kaml versions prior to 0.53.0 Description: The issue affects applications that use kaml to parse untrusted input containing anchors and aliases, potentially leading to excessive memory consumption and crashes. This is related to a class of...

CVSS 7.5 · AI score 7.3 · EPSS 0.00974
Exploits: 0 · References: 8