SB2021090730 - Infinite loop in kaml



Published: September 7, 2021 Updated: February 18, 2026

Security Bulletin ID SB2021090730
CSH Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Partial DoS

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Infinite loop (CVE-ID: CVE-2021-39194)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop. A remote user can provide arbitrary YAML input to an application that uses kaml, causing the application to loop endlessly while parsing the input, which leads to resource starvation and denial of service.


Remediation

Install the update from the vendor's website.