2 matches found
CVE-2023-28118
Kaml is a YAML support library for kotlinx.serialization. The vulnerability CVE-2023-28118 affects versions prior to 0.53.0, where parsing untrusted input containing anchors and aliases can cause memory exhaustion and a crash (DoS). Starting from 0.53.0, the library refuses to parse YAML document...
CVE-2021-39194
CVE-2021-39194 affects kaml, an open-source YAML implementation with kotlinx.serialization support. The issue occurs when processing YAML input for polymorphic types using the default tagged polymorphism style: YAML input that provides a tag but no value can cause the parser to loop indefinitely,...