Remarshal
1 CVEs
product
Monthly
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Remarshal
NVD
GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-47163
PyPI
EPSS 1%
CVSS 7.5
HIGH
PATCH
This Week
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Remarshal
NVD
GitHub