Vulnerability Information
Vulnerability Title
Denial of service while parsing polymorphic input with tagged polymorphism style in kaml
Vulnerability Description
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions, an attacker who can provide arbitrary YAML input to an application that uses kaml can cause the application to loop endlessly while parsing the input. This can result in resource starvation and denial of service. The issue only affects applications that use polymorphic serialization with the default tagged polymorphism style; applications using the property polymorphism style are not affected. It is triggered by YAML input for a polymorphic type that provides a tag but no value for the object. Versions 0.35.3 and later contain the fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Loop with Unreachable Exit Condition (Infinite Loop)
Vulnerability Title
charleskorn kaml security vulnerability
Vulnerability Description
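charleskorn kaml is an open source implementation of the YAML format with support for kotlinx.serialization. Versions of kaml before 0.35.3 contain a security vulnerability: an attacker who can provide arbitrary YAML input to an application that uses kaml may cause the application to loop endlessly while parsing the input.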
CVSS Information
N/A
Vulnerability Type
N/A