Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
5.5CVSS
5.4AI Score
0.001EPSS
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
7.5CVSS
7.2AI Score
0.001EPSS
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
7.5CVSS
7.5AI Score
0.007EPSS
7.5CVSS
7.3AI Score
0.001EPSS