Kaml · Kaml · CVE-2023-28118
**Name of the Vulnerable Software and Affected Versions**
kaml versions prior to 0.53.0
**Description**
The issue affects applications that use kaml to parse untrusted input containing anchors and aliases: expanding those aliases can consume excessive memory and crash the application. This is an instance of the class of vulnerability known as a "billion laughs" attack, which is explained on Wikipedia. There are no known workarounds for this issue.
**Recommendations**
For versions prior to 0.53.0, update to version 0.53.0 or later, which defaults to refusing to parse YAML documents containing anchors and aliases. As a temporary workaround, consider avoiding the use of anchors and aliases in YAML documents until the issue is resolved.
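As an added illustration (not code from the kaml project, and written in Python rather than Kotlin so it runs stand-alone), the following pre-parse gate shows both halves of the advisory: why alias expansion grows exponentially, via a rough expansion estimate for the nested flow-sequence layout, and the mitigation that 0.53.0 adopts by default, refusing any document that carries anchors or aliases at all. The two sample documents, the `ParsePolicy` class and the budget of 10,000 expanded nodes are constructed for this example; the regular expressions are a line-oriented heuristic, not a YAML parser, and deliberately err towards refusing a document.

```python
import re
from dataclasses import dataclass
from typing import Dict

# Constructed sample: the classic nested-alias layout at a harmless size
# (3 levels, 3 aliases per level). Every level multiplies the number of
# nodes the parser materialises when it dereferences the aliases, so the
# expanded size grows exponentially with depth.
SAMPLE_NESTED = """\
a: &a ["x", "x", "x"]
b: &b [*a, *a, *a]
c: &c [*b, *b, *b]
"""

# Constructed sample with no anchors or aliases; should always pass.
SAMPLE_PLAIN = """\
server:
  host: example.invalid
  port: 8080
"""

ANCHOR_RE = re.compile(r"&([A-Za-z0-9_-]+)")
ALIAS_RE = re.compile(r"\*([A-Za-z0-9_-]+)")
# Matches lines of the form `key: &name [item, item, ...]`.
FLOW_SEQ_RE = re.compile(r"^\s*[^:#]+:\s*&([A-Za-z0-9_-]+)\s*\[(.*)\]\s*$")


def has_anchors_or_aliases(doc: str) -> bool:
    """Cheap gate run before handing the text to a YAML parser.

    Heuristic: '&' or '*' inside a quoted scalar also trips it, which is
    the safe direction for untrusted input (a false refusal, not a crash).
    """
    for line in doc.splitlines():
        line = line.split("#", 1)[0]  # ignore YAML comments
        if ANCHOR_RE.search(line) or ALIAS_RE.search(line):
            return True
    return False


def estimate_expansion(doc: str) -> int:
    """Estimate how many scalar nodes the document expands to.

    Only anchored flow sequences (`key: &name [...]`) are understood; each
    alias contributes the expanded size of the anchor it names. An alias
    to an anchor that has not been defined yet is an error, as in a real
    parser.
    """
    counts: Dict[str, int] = {}
    total = 0
    for line in doc.splitlines():
        m = FLOW_SEQ_RE.match(line)
        if not m:
            continue
        name, body = m.group(1), m.group(2)
        size = 0
        for item in (s.strip() for s in body.split(",")):
            if not item:
                continue
            if item.startswith("*"):
                target = item[1:]
                if target not in counts:
                    raise ValueError(f"alias to undefined anchor: {target}")
                size += counts[target]
            else:
                size += 1
        counts[name] = size
        total += size
    return total


@dataclass(frozen=True)
class ParsePolicy:
    """Hypothetical policy object; the default mirrors what 0.53.0 does."""
    allow_anchors_and_aliases: bool = False
    max_expanded_nodes: int = 10_000  # budget used only when aliases are allowed


def check_document(doc: str, policy: ParsePolicy = ParsePolicy()) -> str:
    """Return 'ok' or a reason the document must be refused before parsing."""
    if not has_anchors_or_aliases(doc):
        return "ok"
    if not policy.allow_anchors_and_aliases:
        return "refused: document contains anchors or aliases"
    expanded = estimate_expansion(doc)
    if expanded > policy.max_expanded_nodes:
        return (f"refused: estimated expansion {expanded} exceeds budget "
                f"{policy.max_expanded_nodes}")
    return "ok"


if __name__ == "__main__":
    print(check_document(SAMPLE_PLAIN))                      # ok
    print(check_document(SAMPLE_NESTED))                     # refused (default policy)
    print(estimate_expansion(SAMPLE_NESTED))                 # 39 = 3 + 9 + 27
    print(check_document(SAMPLE_NESTED, ParsePolicy(True, 20)))
```

The sample expands to only 39 nodes, but the same layout with nine levels and nine aliases per level is on the order of 9^9 nodes, which is why refusing anchors and aliases outright is the safer default for untrusted input and an expansion budget is only a fallback for callers who genuinely need them.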