Vulnerability Information
Vulnerability Title
kaml has potential denial of service while parsing input with anchors and aliases
Vulnerability Description
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
Vulnerability Title
charleskorn kaml security vulnerability
Vulnerability Description
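charleskorn kaml is an open-source implementation of the YAML format that supports kotlinx.serialization. Versions of kaml prior to 0.53.0 contain a security vulnerability that stems from a possible denial of service when parsing input that uses anchors and aliases.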
CVSS Information
N/A
Vulnerability Type
N/A