CVE-2023-28118
Published Mar 20, 2023
Last updated 2 years ago
Overview
- Description: kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.
- Source: security-advisories@github.com
- NVD status: Analyzed
Social media
- Hype score: Not currently trending
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
Weaknesses
- security-advisories@github.com: CWE-776
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kaml_project:kaml:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14E288FA-2A10-49B3-B836-442D90F4A7D4",
            "versionEndExcluding": "0.53.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]