{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T03:27:03.895","vulnerabilities":[{"cve":{"id":"CVE-2021-4235","sourceIdentifier":"security@golang.org","published":"2022-12-27T22:15:11.960","lastModified":"2025-04-11T17:15:35.497","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector."},{"lang":"es","value":"Debido a la búsqueda ilimitada de alias, un archivo YAML creado con fines malintencionados puede hacer que el sistema consuma importantes recursos. Si se analiza la entrada del usuario, esto se puede utilizar como un vector de denegación de servicio."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yaml_project:yaml:*:*:*:*:*:go:*:*","versionEndExcluding":"2.2.3","matchCriteriaId":"6ADB4662-19BA-4FB2-88FB-0D8309DE5DB0"}]}]}],"references":[{"url":"https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241","source":"security@golang.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/go-yaml/yaml/pull/375","source":"security@golang.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html","source":"security@golang.org"},{"url":"https://pkg.go.dev/vuln/GO-2021-0061","source":"security@golang.org","tags":["Third Party Advisory"]},{"url":"https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/go-yaml/yaml/pull/375","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pkg.go.dev/vuln/GO-2021-0061","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}