Skip to content
This repository has been archived by the owner on Jun 25, 2021. It is now read-only.

RUSTSEC-2018-0005: Uncontrolled recursion leads to abort in deserialization #1844

Closed
github-actions bot opened this issue Oct 12, 2019 · 2 comments
Closed

RUSTSEC-2018-0005: Uncontrolled recursion leads to abort in deserialization #1844

github-actions bot opened this issue Oct 12, 2019 · 2 comments

Comments

@github-actions
Copy link

Uncontrolled recursion leads to abort in deserialization

Details
Package serde_yaml
Version 0.7.5
URL dtolnay/serde-yaml#105
Date 2018-09-17
Patched versions >= 0.8.4
Unaffected versions < 0.6.0-rc1

Affected versions of this crate did not properly check for recursion
while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring
to itself causing an abort.

The flaw was corrected by checking the recursion depth.

See advisory page for additional details.
@madadam
Copy link
Contributor

madadam commented May 28, 2020

Depends on https://github.com/maidsafe/parsec/issues/365

@madadam
Copy link
Contributor

madadam commented Oct 8, 2020

We no longer depend on serde_yaml.

@madadam madadam closed this as completed Oct 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@madadam