Releases103
Frequency1 month 3 weeks
Last Release
JavaScript parser and stringifier for YAML

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
= *, >= 2.0.0-5, < 2.2.27.5 HIGH

Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.

< 2.2.47.5 HIGH

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

< 2.2.35.5 MEDIUM

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

= 3.0.07.5 HIGH5 MEDIUM

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.