What is CVE-2021-39194?

CVE-2021-39194 is a vulnerability in the kaml library, which is an open source implementation of the YAML format with support for kotlinx.serialization.

What is the severity of CVE-2021-39194?

CVE-2021-39194 has a severity rating of medium, with a severity value of 6.5.

How does CVE-2021-39194 affect software?

CVE-2021-39194 affects applications that use the kaml library, specifically versions up to and excluding 0.35.3.

How can an attacker exploit CVE-2021-39194?

An attacker can exploit CVE-2021-39194 by providing arbitrary YAML input to an application that uses kaml, causing the application to endlessly loop while parsing the input.

Are there any references for CVE-2021-39194?

Yes, you can find references for CVE-2021-39194 on the following links: [Link 1](https://github.com/charleskorn/kaml/commit/e18785d043fc6324c81e968aae9764b4b060bc6a), [Link 2](https://github.com/charleskorn/kaml/issues/179), [Link 3](https://github.com/charleskorn/kaml/security/advisories/GHSA-fmm9-3gv8-58f4).

Vulnerability/
CVE-2021-39194

medium

6.5

CWE

835

7/9/2021

14/9/2021

CVE-2021-39194

First published: Tue Sep 07 2021(Updated: )

kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected. YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue. Version 0.35.3 or later contain the fix for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Kaml Project Kaml	<0.35.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-39194?
CVE-2021-39194 is a vulnerability in the kaml library, which is an open source implementation of the YAML format with support for kotlinx.serialization.
What is the severity of CVE-2021-39194?
CVE-2021-39194 has a severity rating of medium, with a severity value of 6.5.
How does CVE-2021-39194 affect software?
CVE-2021-39194 affects applications that use the kaml library, specifically versions up to and excluding 0.35.3.
How can an attacker exploit CVE-2021-39194?
An attacker can exploit CVE-2021-39194 by providing arbitrary YAML input to an application that uses kaml, causing the application to endlessly loop while parsing the input.
Are there any references for CVE-2021-39194?
Yes, you can find references for CVE-2021-39194 on the following links: [Link 1](https://github.com/charleskorn/kaml/commit/e18785d043fc6324c81e968aae9764b4b060bc6a), [Link 2](https://github.com/charleskorn/kaml/issues/179), [Link 3](https://github.com/charleskorn/kaml/security/advisories/GHSA-fmm9-3gv8-58f4).

collector/nvd-index
agent/severity
agent/references
agent/author
agent/weakness
agent/tags
agent/type
agent/event
agent/description
vendor/kaml project
canonical/kaml project kaml

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.