yaml package for Go can consume excessive amounts of CPU or memory
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Abusively constructed YAML payload can significantly reduce parsing performance potentially leading to DoS.
go-yaml is vulnerable to a Billion Laughs Attack.