CVE-2023-2251

NameCVE-2023-2251
DescriptionUncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1035580

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-yaml (PTS)bullseye1.10.0-4fixed
bookworm, sid2.1.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-yamlsourcebullseye(not affected)
node-yamlsource(unstable)2.1.3-21035580

Notes

[bullseye] - node-yaml <not-affected> (Vulnerable code not present)
https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c
https://github.com/advisories/GHSA-f9xv-q969-pqx4
Introduced by: https://github.com/eemeli/yaml/commit/89119eeec4a305d741b26d1a49ffa1ac67394a8e#diff-55db69e02ff5714d444d8081ec6ecac5d9833fb29fda64d1e829e5766434fdc0R97 (v2.0.0-5)
Fixed by: https://www.github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba (v2.2.2)

Search for package or bug name: Reporting problems