CVE-2023-47163

Published: Nov 13, 2023

Modified: Jan 8, 2025

PUBLISHED

Description

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.

Vendor	Product	Versions
Remarshal-project	Remarshal	affected `prior to v0.17.1`

References

https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1

https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494

https://jvn.jp/en/jp/JVN86156389/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-47163

Description

Affected Products

References