We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Uncontrolled recursion leads to abort in deserialization
yaml-rust
0.3.5
>= 0.4.1
Affected versions of this crate did not prevent deep recursion while deserializing data structures.
This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it.
The flaw was corrected by checking the recursion depth.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered:
Upstream issue, we should keep our dependencies up-to-date, but I don't want to pollute our issue tracker.
Sorry, something went wrong.
No branches or pull requests
yaml-rust
0.3.5
>= 0.4.1
Affected versions of this crate did not prevent deep recursion while
deserializing data structures.
This allows an attacker to make a YAML file with deeply nested structures
that causes an abort while deserializing it.
The flaw was corrected by checking the recursion depth.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: