CVE-2022-3064 — Uncontrolled Resource Consumption in Yaml.v2 Gopkg.in Yaml.v2
Severity
7.5HIGHNVD
OSV5.5
EPSS
2.2%
top 15.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedDec 27
Latest updateAug 14
Description
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages8 packages
Patches
🔴Vulnerability Details
5OSV▶
CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory↗2022-12-27