Gopkg.In Yaml.V2 Gopkg.In Yaml.V2 vulnerabilities
2 known vulnerabilities affecting gopkg.in/yaml.v2_gopkg.in_yaml.v2.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-3064HIGHCVSS 7.5fixed in 2.2.42022-12-27
CVE-2022-3064 [HIGH] CWE-400 CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
nvd
CVE-2021-4235MEDIUMCVSS 5.5fixed in 2.2.32022-12-27
CVE-2021-4235 [MEDIUM] CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume sign
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
nvd