yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library’s ‘format’ function, allowing unauthorized users to access sensitive information, including service account credentials.