Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack
High severity
GitHub Reviewed
Published
Nov 13, 2023
to the GitHub Advisory Database
•
Updated Nov 17, 2023
Description
Published by the National Vulnerability Database
Nov 13, 2023
Published to the GitHub Advisory Database
Nov 13, 2023
Reviewed
Nov 14, 2023
Last updated
Nov 17, 2023
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
References