1. Home
  2. Vulnerabilities
  3. CVE-2023-28118

CVE-2023-28118

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.11 % (46th)
0.11% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.

Weaknesses
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2023-03-20 13:15:11
(18 months ago)
Updated Date
2023-03-24 18:00:16
(18 months ago)

Affected Products

Kaml Project

Configuration #1

    CPE23 From Up To
  Kaml Project Kaml prior 0.53.0 version cpe:2.3:a:kaml_project:kaml < 0.53.0