github.com/go-yaml/yaml
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/go-yaml/yamlpage 1 of 1
- CVE-2019-11254MEDIUMCVSS 6.5EG 6.52020-04-01
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsin…
- CVE-2021-4235MEDIUMCVSS 5.5EG 5.52022-12-27
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Check whether github.com/go-yaml/yaml is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/go-yaml/yaml CVEs against the assets you own.
Start Free Scan →