CVE-2021-4235
MEDIUM
yaml < 2.2.3 - Denial of Service via Unbounded Alias Chasing
Description
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
References (4)
Core References
Patch, Third Party Advisory
https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
Exploit, Patch, Third Party Advisory
https://github.com/go-yaml/yaml/pull/375
Third Party Advisory
https://pkg.go.dev/vuln/GO-2021-0061
Scores
CVSS v3
5.5
EPSS
0.0042
EPSS Percentile
33.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
Status
published
Products (3)
go-yaml/yaml
0 Go
gopkg.in/yaml.v2
0 - 2.2.3 Go
yaml_project/yaml
< 2.2.3
Published
Dec 27, 2022
Tracked Since
Feb 18, 2026