Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jan 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: jpcert
Published: 2023-11-13T02:26:42.658Z
Updated: 2025-01-08T21:35:11.153Z
Reserved: 2023-10-31T00:29:57.924Z
Link: CVE-2023-47163

Updated: 2024-08-02T21:01:22.828Z

Status : Modified
Published: 2023-11-13T03:15:09.743
Modified: 2024-11-21T08:29:52.983
Link: CVE-2023-47163

No data.