PT-2023-30338 · Remarshal · Remarshal

Taichi Kotake · Published 2023-11-13 · Updated 2023-11-16 · CVE-2023-47163

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Remarshal versions prior to 0.17.1

Description

Remarshal expands YAML alias nodes without any limit, which makes it susceptible to a Billion Laughs attack. Processing an untrusted YAML file can therefore lead to a denial-of-service (DoS) condition.

Recommendations

Update to version 0.17.1 or later to resolve the issue. As a temporary workaround, avoid processing untrusted YAML files until the update is applied.
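
For pipelines that must accept YAML before the update is in place, the alias amplification described above can be measured without performing the expansion. This is an added example, not Remarshal's code or its fix; it assumes PyYAML is installed, and the function names and the node budget are hypothetical.

```python
import yaml  # PyYAML, third-party; assumed to be installed

# Constructed sample: four small levels of nested aliases.
SAMPLE = """\
a: &a [x, x, x]
b: &b [*a, *a, *a]
c: &c [*b, *b, *b]
d: [*c, *c, *c]
"""

def count_expanded(node, memo):
    """Nodes this subtree would hold once every alias is expanded."""
    key = id(node)
    if key in memo:
        if memo[key] is None:          # node refers back to itself
            raise ValueError("recursive alias")
        return memo[key]               # shared node: reuse, do not re-walk
    memo[key] = None                   # mark as in progress
    total = 1
    if isinstance(node, yaml.SequenceNode):
        total += sum(count_expanded(c, memo) for c in node.value)
    elif isinstance(node, yaml.MappingNode):
        total += sum(count_expanded(k, memo) + count_expanded(v, memo)
                     for k, v in node.value)
    memo[key] = total
    return total

def expanded_size(text):
    """Expanded node count of a single YAML document (0 if empty)."""
    # compose() builds the node graph; an alias points at the same node
    # object as its anchor, so nothing is duplicated at this stage.
    root = yaml.compose(text, Loader=yaml.SafeLoader)
    return 0 if root is None else count_expanded(root, {})

def within_budget(text, max_nodes=10_000):
    """True if the document stays under the assumed node budget."""
    return expanded_size(text) <= max_nodes

if __name__ == "__main__":
    print(expanded_size(SAMPLE), within_budget(SAMPLE, 100))
```

The count is computed in time proportional to the size of the document as written, so the check itself stays cheap on an input whose expanded form would be enormous.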

Fix

Uncontrolled Recursion

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2023-47163
GHSA-GW7G-QR8W-3448
PYSEC-2023-236

Affected Products

Remarshal