{"id":"GO-2021-0061","summary":"Denial of service in gopkg.in/yaml.v2","details":"Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.","aliases":["CVE-2021-4235","GHSA-r88r-gmrh-7j83"],"modified":"2026-03-17T04:05:42.380845Z","published":"2021-04-14T20:04:52Z","related":["CGA-8cfw-g9m8-h5q8","RHSA-2022:7398"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2021-0061"},"references":[{"type":"FIX","url":"https://github.com/go-yaml/yaml/pull/375"},{"type":"FIX","url":"https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241"}],"affected":[{"package":{"name":"gopkg.in/yaml.v2","ecosystem":"Go","purl":"pkg:golang/gopkg.in/yaml.v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.2.3"}]}],"ecosystem_specific":{"imports":[{"path":"gopkg.in/yaml.v2","symbols":["Decoder.Decode","Unmarshal","UnmarshalStrict","decoder.unmarshal"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0061.json"}},{"package":{"name":"github.com/go-yaml/yaml","ecosystem":"Go","purl":"pkg:golang/github.com/go-yaml/yaml"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/go-yaml/yaml","symbols":["Decoder.Decode","Unmarshal","UnmarshalStrict","decoder.unmarshal"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0061.json"}}],"schema_version":"1.7.5","credits":[{"name":"@simonferquel"}]}