PT-2023-21575 · Kaml · Kaml

Gdude2002 · Published 2023-03-20 · Updated 2023-03-24 · CVE-2023-28118

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: kaml versions prior to 0.53.0

Description: The issue affects applications that use kaml to parse untrusted input containing anchors and aliases, potentially leading to excessive memory consumption and crashes. This is related to a class of vulnerability known as a "billion laughs attack", which is explained on Wikipedia. There are no known workarounds for this issue.

Recommendations: For versions prior to 0.53.0, update to version 0.53.0 or later, which defaults to refusing to parse YAML documents containing anchors and aliases. As a temporary workaround, consider avoiding the use of anchors and aliases in YAML documents until the issue is resolved.
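The following Kotlin snippet is an added example, not code from the advisory or from the kaml project, showing how an application that parses untrusted YAML with kaml 0.53.0 or later can make the safe default explicit and handle the rejection. It assumes the `YamlConfiguration` parameter is named `allowAnchorsAndAliases` (defaulting to `false` in 0.53.0+) and that rejected documents surface as a `YamlException`; the `ServiceConfig` class and the sample document are constructed for illustration.

```kotlin
import com.charleskorn.kaml.Yaml
import com.charleskorn.kaml.YamlConfiguration
import com.charleskorn.kaml.YamlException
import kotlinx.serialization.Serializable

// Hypothetical application model, constructed for this example.
@Serializable
data class ServiceConfig(val name: String, val note: String, val replicas: Int)

// Constructed sample input: one anchor (&base) and one alias (*base). A single alias is
// harmless on its own; the risk described in the advisory comes from aliases nested so
// that each level multiplies the expanded size. Refusing anchors and aliases outright
// removes that expansion path before any memory is allocated for it.
val untrustedDocument = """
    name: &base api
    note: *base
    replicas: 3
""".trimIndent()

// Assumption: kaml 0.53.0+ exposes allowAnchorsAndAliases on YamlConfiguration and
// defaults it to false. Spelling the value out keeps the decision visible in code review
// and protects against a later change of the library default.
val strictYaml = Yaml(configuration = YamlConfiguration(allowAnchorsAndAliases = false))

// Parses a document from an untrusted source; returns null when kaml rejects it.
fun parseUntrusted(document: String): ServiceConfig? =
    try {
        strictYaml.decodeFromString(ServiceConfig.serializer(), document)
    } catch (e: YamlException) {
        // The anchor/alias check fires during parsing, so nothing has been expanded.
        System.err.println("Rejected untrusted YAML: ${e.message}")
        null
    }

fun main() {
    // Document with an anchor and alias: rejected, prints null.
    println(parseUntrusted(untrustedDocument))
    // Equivalent document written without anchors: parses normally.
    println(parseUntrusted("name: api\nnote: api\nreplicas: 3"))
}
```

If a deployment genuinely needs anchors in configuration files it controls, keep two `Yaml` instances: the strict one above for anything that crosses a trust boundary, and a permissive one only for files shipped with the application.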

Exploit

Fix

XML Entity Expansion


Weakness Enumeration

Related identifiers

CVE-2023-28118
GHSA-C24F-2J3G-RG48

Affected products

Kaml