← back
CVE-2023-47163

CVE-2023-47163

EPSS 1.0%
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Affected products
Remarshal-project · Remarshal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1https://jvn.jp/en/jp/JVN86156389/