Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-674" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-08-06T17:45:03Z" }