CVE-2019-1010183

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1010183

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010183.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-1010183

Published

2019-07-25T13:15:11.593Z

Modified

2026-03-14T09:31:35.998727Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

serde serdeyaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later.

References

https://github.com/dtolnay/serde-yaml/pull/105

Affected packages

Git / github.com/dtolnay/serde-yaml

Affected ranges

Type

GIT

Repo

https://github.com/dtolnay/serde-yaml

Events

Introduced

46977b24e9662bf1270ec5dc2dc88363695a0c05

Last affected

49e1e6f064c0c6cc138ed2a3c80e3024b23ba965

Database specific

{
    "versions": [
        {
            "introduced": "0.6.0"
        },
        {
            "last_affected": "0.8.3"
        }
    ]
}

Affected versions

0.*

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.8.0

0.8.1

0.8.2

0.8.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010183.json"