Home > Vulnerability Database > CVE-2023-28118

Mend.io Vulnerability Database

CVE-2023-28118

Good to know:

Date: March 20, 2023

kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds.

Language: KOTLIN

Severity Score

7.5

Related Resources (6)

Url: https://github.com/charleskorn/kaml/security/advisories/GHSA-c24f-2j3g-rg48

Url: https://github.com/charleskorn/kaml/commit/5f82a2d7e00bfc307afca05d1dc4d7c50593531a

Url: https://github.com/charleskorn/kaml/releases/tag/0.53.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28118

Url: https://github.com/charleskorn/kaml

Url: https://www.mend.io/vulnerability-database/CVE-2023-28118

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-776

Top Fix

Upgrade Version

Upgrade to version com.charleskorn.kaml:kaml-jvm:0.53.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28118

Good to know:

Date: March 20, 2023

Language: KOTLIN

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?