Yaml Project Security Vulnerabilities

CVE-2021-4235

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2022-28948

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

CVE-2022-3064

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

CVE-2023-2251

Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.