CVE-2023-47163

Remarshal expands YAML alias nodes without limit, which leaves it vulnerable to a Billion Laughs attack (pypi/remarshal)

Identifiers

CVE-2023-47163, GHSA-gw7g-qr8w-3448

Package Slug

pypi/remarshal

Vulnerability

Remarshal expands YAML alias nodes without limit, which leaves it vulnerable to a Billion Laughs attack

Description

Remarshal prior to v0.17.1 expands YAML alias nodes without limit, which leaves it vulnerable to a Billion Laughs attack: a small document whose anchors reference each other in layers expands to an enormous structure, so processing untrusted YAML files may cause a denial-of-service (DoS) condition.
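The defect class is unbounded alias expansion, so the defensive control is a budget on the expanded size that is enforced before the document is built. The added example below is not Remarshal's code and does not describe how Remarshal fixed the issue; it models a composed YAML node graph with plain Python objects (a scalar is a `str`, a sequence is a `list`, and an alias is the same list object shared in several places, which is how a YAML composer represents `*alias`) and checks that budget without ever materialising the expansion. The `build_doubling_document` sample is constructed for the test and the limits are arbitrary.

```python
class AliasExpansionError(ValueError):
    """Copying out every alias would exceed the budget, or would never finish."""

def expanded_size(root, limit: int) -> int:
    """Count the scalars `root` holds once every alias is expanded; raise
    AliasExpansionError as soon as the count passes `limit` or a node refers
    back to itself. Sizes are memoized per shared object, so the walk costs
    O(nodes in the graph), not O(expanded size): a document expanding to
    2**60 scalars is rejected after a few dozen visits, never materialised."""
    memo: dict = {}
    in_progress: set = set()

    def size(node) -> int:
        if isinstance(node, str):  # a scalar
            return 1
        key = id(node)  # the same list object reached twice is an alias
        if key in memo:
            return memo[key]
        if key in in_progress:
            raise AliasExpansionError("recursive alias: expansion never ends")
        in_progress.add(key)
        total = 0
        for child in node:
            total += size(child)  # each memoized term is already <= limit
            if total > limit:
                raise AliasExpansionError(f"expansion exceeds {limit} scalars")
        in_progress.discard(key)
        memo[key] = total
        return total

    return size(root)

def is_within_budget(root, limit: int) -> bool:
    """True when the document can be fully expanded within `limit` scalars."""
    try:
        expanded_size(root, limit)
    except AliasExpansionError:
        return False
    return True

def build_doubling_document(depth: int):
    """Constructed sample in the Billion Laughs shape: one scalar at level 0,
    then each level a sequence of two references to the level below
    (`&l1 [*l0, *l0]`, `&l2 [*l1, *l1]`, ...): depth + 1 nodes, 2**depth scalars."""
    node = "lol"
    for _ in range(depth):
        node = [node, node]
    return node
```

In a real loader this check runs on the composed node graph (for PyYAML, the result of `yaml.compose()`, where an alias is the anchored node object itself) before the constructor turns it into Python values; a depth-60 document is refused after visiting 61 nodes, while an ordinary document of the same size passes.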

Affected Versions

All versions before 0.17.1

Solution

Upgrade to version 0.17.1 or above.

Last Modified

2023-11-16
