CVE-2024-45412

Name of the Vulnerable Software and Affected Versions: Yeti versions prior to 2.1.11

Description: The issue concerns a denial of service vulnerability. Remote user-controlled data tags can lead to Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial of service with attacks, potentially worsened by the use of special Unicode characters.

Recommendations: For versions prior to 2.1.11, update to version 2.1.11 to resolve the issue. As a temporary workaround, consider restricting the use of remote user-controlled data tags until the patch is applied.