go-yaml/yaml

go-yaml/yaml

Releases16

Frequency3 months 1 week

Last Release about 4 years ago

Stars7.02K

YAML support for the Go language.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-3064 ↗	Dec 27, 2022Tuesday, 27 December 2022, 22:15	7.5 HIGH	—
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
CVE-2021-4235 ↗	Dec 27, 2022Tuesday, 27 December 2022, 22:15	5.5 MEDIUM	—
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
CVE-2022-28948 ↗	May 19, 2022Thursday, 19 May 2022, 20:15	7.5 HIGH	5 MEDIUM
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.