Using complex arrays as map keys may hang the process #475
cappadona added a commit to cul-it/mann-wagon that referenced this issue on Jun 6, 2019: Along with all dependencies which in turn bumps to js-yaml@3.13.1 to address the multiple severity vulnerabilities [1, 2] as reported by GitHub's dependency graph. [1] nodeca/js-yaml#475 [2] nodeca/js-yaml#480
cappadona added a commit to cul-it/mann-wagon that referenced this issue on Jun 6, 2019: Along with all dependencies which in turn bumps to js-yaml@3.13.1 to address the multiple severity vulnerabilities [1, 2] as reported by GitHub's dependency graph. [1] nodeca/js-yaml#475 [2] nodeca/js-yaml#480
facebook-github-bot pushed a commit to facebook/relay that referenced this issue on Jun 7, 2019: Summary: Addressing CVE WS-2019-0032: Affected versions: < 3.13.0 Fixed in version: 3.13.0 Reference: nodeca/js-yaml#475 Pull Request resolved: #2758 Reviewed By: alunyov Differential Revision: D15702131 Pulled By: kassens fbshipit-source-id: a81c27bc1f22a8caf788c70db3bc3856b6c4241f
poveden added a commit to axa-group/oauth2-mock-server that referenced this issue on Jun 7, 2019: Fixes: - WS-2019-0032 (nodeca/js-yaml#475) - WS-2019-0063 (nodeca/js-yaml#480) - WS-2019-0064 (handlebars-lang/handlebars.js@v4.1.1...v4.1.2)
billchurch added a commit to billchurch/nodejs-read-config that referenced this issue on Jun 13, 2019.
billchurch added a commit to billchurch/webssh2 that referenced this issue on Jun 13, 2019: …s/135) - Missing require('fs') in `server/app.js` See issue [#135](../../issues/135) - Patched read-config to mitigate vulnerability in js-yaml - issue not exploitable on webssh2 implementation - patched anyway - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config - See nodeca/js-yaml#475 for more detail
maxpou added a commit to maxpou/gatsby-starter-morning-dew that referenced this issue on Jun 14, 2019: Trying to fix: js-yaml (nodeca/js-yaml#475 / nodeca/js-yaml#480)
cacilhas pushed a commit to cacilhas/cacilhas.github.io that referenced this issue on Jun 20, 2019: WS-2019-0032 nodeca/js-yaml#475 WS-2019-0063 nodeca/js-yaml#480
simonwiles added a commit to sul-cidr/noh that referenced this issue on Jul 3, 2019.
jessp01 pushed a commit to kaltura/developer-platform that referenced this issue on Jul 8, 2019.
Arrays can be YAML keys. Arrays can be arbitrarily nested data structures that can reference each other. YAML keys are serialized into strings.
As a result, there is a possibility of a user creating YAML that will cause a map key to grow exponentially from linearly growing input.
expands into
{ "1,2,1,2": "key" }
expands into
{ "1,2,1,2,1,2,1,2": "key" }
expands into
{ "1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2": "key" }
which doubles the output with only linearly growing input... and so on. Give it 30 levels of nesting and you'll get 1GB worth of data out of a 10kB input file.
relevant issue here: #169
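Added example (not js-yaml's own code, and not part of the issue above): the snippet below reproduces the doubling the report describes on a plain JavaScript value, shows how the naive string conversion of an array key grows as 4·2^levels − 1 characters, and contrasts it with a guarded conversion that fails closed. The guard rejects nested arrays inside keys, which is the approach the js-yaml fix for this issue took; the length budget (`maxLength`, default 1024) is an extra check of my own, not something the project implements. `buildNestedKey`, `naiveKeyString`, `naiveKeyLength`, `safeKeyString` and `growthTable` are names chosen here, not js-yaml APIs.

```javascript
// Added example (not js-yaml's own code): how flattening an array-valued
// YAML key to a string turns linear input into exponential key length, and
// a guard that refuses such keys before they are serialized.

// Build the nested value the report describes. Level 0 is [1, 2]; every
// further level is [prev, prev], which is what a YAML anchor referenced
// twice inside a new sequence yields after alias resolution. The input
// grows by one small line per level; the referenced object is shared.
function buildNestedKey(levels) {
  let node = [1, 2];
  for (let i = 0; i < levels; i += 1) {
    node = [node, node]; // both slots point at the same object
  }
  return node;
}

// Naive flattening: String([..]) joins nested arrays with commas, so the
// resulting key length doubles at every level (3, 7, 15, 31, ...).
function naiveKeyString(keyNode) {
  return String(keyNode);
}

// Length of the naive key without materializing it: 4 * 2^levels - 1.
function naiveKeyLength(levels) {
  return 4 * 2 ** levels - 1;
}

// Guarded flattening with two independent checks:
//  1. nested arrays inside a key are rejected outright (the approach the
//     js-yaml fix for this issue takes; this is a re-implementation, not
//     the project's code);
//  2. the serialized key must fit a fixed character budget (my own extra
//     check), so that any other path to a huge key still fails closed
//     instead of exhausting memory or CPU.
function safeKeyString(keyNode, maxLength = 1024) {
  if (Array.isArray(keyNode)) {
    for (const item of keyNode) {
      if (Array.isArray(item)) {
        throw new Error('nested arrays are not supported inside keys');
      }
    }
  }
  const key = String(keyNode);
  if (key.length > maxLength) {
    throw new Error(`map key exceeds ${maxLength} characters`);
  }
  return key;
}

// Growth of the naive key, level by level, kept to a handful of levels so
// the demonstration itself stays cheap.
function growthTable(maxLevels) {
  const rows = [];
  for (let levels = 0; levels <= maxLevels; levels += 1) {
    const keyLength = naiveKeyString(buildNestedKey(levels)).length;
    rows.push({ levels, keyLength });
  }
  return rows;
}

// Usage: print the first few levels of growth, then show the guard at work.
console.log(growthTable(5));
try {
  safeKeyString(buildNestedKey(1));
} catch (err) {
  console.log('guard rejected key:', err.message);
}
```

The point of the second check is defence in depth: a parser that only bans nested arrays still converts whatever else reaches a key position with `String()`, so bounding the serialized length turns any future variant of this blowup into a parse error rather than a hang.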