This package has limited bug data (2 entries). Check back later or see the package health page for the full signal.
serde_yaml known bugs
cargo: 2 known bugs in serde_yaml, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| medium | 0.6.0-rc1 | 0.8.4 | Uncontrolled recursion leads to abort in deserialization. Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth. | fixed | osv:RUSTSEC-2018-0005 |
| medium | 0.6.0-rc1 | 0.8.4 | Uncontrolled recursion leads to abort in deserialization. Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth. | fixed | osv:GHSA-39vw-qp34-rmwf |
API access
Get this data programmatically (free, no authentication).
curl https://depscope.dev/api/bugs/cargo/serde_yaml