Yaml

yaml

Vendor: Yaml Project • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2251 1Yaml Project 1Yaml Nov 21, 2024 Apr 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
CVE-2022-3064 1Yaml Project 1Yaml Apr 14, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
CVE-2021-4235 1Yaml Project 1Yaml Apr 11, 2025 Dec 27, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
CVE-2022-28948 2Netapp Yaml Project 2Astra Trident Yaml Nov 21, 2024 May 19, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.