Improper input validation allows malicious YAML payloads to be parsed, causing the server to consume excessive CPU or memory, potentially crashing and becoming unavailable.
This issue is likely resolved, and decoding no longer unnecessarily consumes memory or CPU. However, when encoding large values, resource consumption will increase proportionally to the size of those values.
How to reproduce
The following .yaml file will be unmarshalled into several GB.
Expected behavior
Some checks should be implemented to prevent excessive memory usage.
See "Add large document benchmarks, tune alias heuristic, add max depth limits" #515 and go-yaml/yaml/blob/v3/decode.go.
Version Variables
Additional context
CVE-2022-3064
GHSA-6q6q-88xp-6f2r
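One way to implement the kind of check requested above, limited to the alias heuristic named in the referenced #515 title (an added example, not code from this project or from go-yaml). `Node`, `Check`, `Nested` and both thresholds are hypothetical, the sample tree is constructed in memory, and depth or total-size limits would be separate checks.

```go
package main

import "errors"
import "fmt"

// Node is a simplified parsed-YAML node (hypothetical type); Alias is "*anchor".
type Node struct {
	Alias    *Node
	Children []*Node
}

// Illustrative thresholds (assumptions, not any library's defaults).
const minCount, maxAliasRatio = 1000, 0.9
var ErrAlias = errors.New("document contains excessive aliasing")

// Check walks the tree as a decoder would, expanding aliases. Past minCount
// visits it rejects input whose alias-driven share exceeds maxAliasRatio.
func Check(root *Node) (total, aliased int, err error) {
	var visit func(n *Node, inAlias bool) error
	visit = func(n *Node, inAlias bool) error {
		if total++; inAlias {
			aliased++
		}
		if total > minCount && float64(aliased)/float64(total) > maxAliasRatio {
			return ErrAlias // stop here: cost stays near minCount visits
		}
		if n.Alias != nil {
			return visit(n.Alias, true)
		}
		for _, c := range n.Children {
			if e := visit(c, inAlias); e != nil {
				return e
			}
		}
		return nil
	}
	err = visit(root, false)
	return total, aliased, err
}

// Nested builds a constructed sample: each layer is two aliases to the layer below.
func Nested(levels int) *Node {
	cur := &Node{}
	for ; levels > 0; levels-- {
		cur = &Node{Children: []*Node{{Alias: cur}, {Alias: cur}}}
	}
	return cur
}

func main() { fmt.Println(Check(Nested(40))) }
```

Small documents that use aliases pass untouched because the ratio is only evaluated after `minCount` visits; an anchor that refers to itself is rejected by the same check.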