gopkg.in/yaml.v2 vulnerabilities
3 known vulnerabilities affecting gopkg.in/yaml.v2.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2022-3064 | HIGH | ≥ 0, < 2.2.4 | 2022-12-28
CVE-2022-3064 [HIGH] CWE-400 yaml package for Go can consume excessive amounts of CPU or memory
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory
ghsa, osv
CVE-2021-4235 | MEDIUM | ≥ 0, < 2.2.3 | 2022-12-28
CVE-2021-4235 [MEDIUM] YAML Go package vulnerable to denial of service
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
ghsa, osv
CVE-2019-11254 | MEDIUM | ≥ 0, < 2.2.8 | 2021-12-20
CVE-2019-11254 [MEDIUM] CWE-1050 Excessive Platform Resource Consumption within a Loop in Kubernetes
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
ghsa, osv