Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-674" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:24:44Z" }