remarshal-project/remarshal

Releases37

Frequency3 months 3 weeks

Last Release about 1 month ago

Stars549

Convert between CBOR, JSON, MessagePack, TOML, and YAML 1.1 & 1.2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-47163 ↗	Nov 13, 2023Monday, 13 November 2023, 03:15	7.5 HIGH	—
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.