CVE-2023-47163

Publication date

2023-11-13 02:26:42

Family

jpcert

State

PUBLISHED

Description

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.