4 matches found

Debian CVE
added 2026/03/24 12:6 a.m. · 3 views

CVE-2026-33320

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...

CVSS 6.2 · AI score 6 · EPSS 0.00008 · Exploits 1
OSV
added 2026/03/19 12:50 p.m. · 2 views

GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary: dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

CVSS 6.2 · AI score 5.9 · EPSS 0.00008 · Exploits 1 · References 3
Positive Technologies
added 2026/03/19 12:0 a.m. · 2 views

PT-2026-26480

Name of the Vulnerable Software and Affected Versions: Dasel versions 3.0.0 through 3.3.1 Description: Dasel’s YAML reader is susceptible to excessive CPU and memory consumption when processing YAML data supplied by an attacker. This occurs because the library’s UnmarshalYAML implementation...

CVSS 6.2 · AI score 5.8 · EPSS 0.00008 · Exploits 1 · References 7
Positive Technologies
added 2023/08/25 12:0 a.m. · 1 views

PT-2023-19712 · Esoteric · Esoteric Yamlbeans

Name of the Vulnerable Software and Affected Versions: Esoteric YamlBeans versions through 1.15 Description: An issue was discovered in Esoteric YamlBeans where a crafted YAML document can perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAM...

CVSS 5.5 · AI score 5.2 · EPSS 0.00024 · Exploits 1 · References 13