CVSS 7.5, AI Score 7.4, EPSS 0.001
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service...
CVSS 5.5, AI Score 5.9, EPSS 0.001
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is...
CVSS 9.8, AI Score 9.4, EPSS 0.003
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid...
CVSS 7.5, AI Score 7.3, EPSS 0.001
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution...
CVSS 8.8, AI Score 9, EPSS 0.006
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during...
CVSS 7.5, AI Score 7.5, EPSS 0.001
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and...
CVSS 6.5, AI Score 6.4, EPSS 0.001
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote...
CVSS 6.5, AI Score 6.2, EPSS 0.002
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML...
CVSS 6.5, AI Score 6.2, EPSS 0.002
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML...
CVSS 6.5, AI Score 6.2, EPSS 0.002
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML...
CVSS 6.5, AI Score 6.2, EPSS 0.002
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2'...
CVSS 7.5, AI Score 7.2, EPSS 0.003
The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML...
CVSS 5.5, AI Score 5.3, EPSS 0.001
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval...
AI Score 7.4, EPSS 0.938
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function,....
AI Score 6.7, EPSS 0.212