gopkg.in/yaml.v2
Go
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gopkg.in/yaml.v2
- CVE-2019-11254 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.2.8 | 2020-04-01
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsin…
- CVE-2021-4235 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.2.3 | 2022-12-27
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
- CVE-2022-3064 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.2.4 | 2022-12-27
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.