RUSTSEC-2018-0005: serde_yaml: Uncontrolled recursion leads to abort in deserialization

Description

Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to craft a YAML file containing an alias that refers to itself, causing an abort during deserialization.

The flaw was corrected by checking the recursion depth.
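
The kind of depth check described above, shown as an added example (not code from serde_yaml or the linked pull request): a toy alias resolver over a constructed node arena that returns an error on a self-referential alias instead of recursing until the stack is exhausted. The names `Node`, `Value`, `Error`, `resolve` and the limit `MAX_DEPTH = 128` are assumptions made for illustration.

```rust
// Added illustration; not serde_yaml's code. Node, Value, Error, resolve
// and MAX_DEPTH are hypothetical names; the limit of 128 is an assumption.
const MAX_DEPTH: usize = 128;

enum Node {
    Scalar(String),
    Seq(Vec<usize>), // indices of child nodes in the arena
    Alias(usize),    // index of the anchored node the alias points to
}

#[derive(Debug, PartialEq)]
enum Value {
    Scalar(String),
    Seq(Vec<Value>),
}

#[derive(Debug, PartialEq)]
enum Error {
    RecursionLimitExceeded,
    DanglingReference(usize),
}

// Expands aliases while building the value. Every nested step (child or
// alias target) increases `depth`, so a cycle ends in an Err instead of
// exhausting the stack and aborting the process.
fn resolve(arena: &[Node], id: usize, depth: usize) -> Result<Value, Error> {
    if depth > MAX_DEPTH {
        return Err(Error::RecursionLimitExceeded);
    }
    match arena.get(id).ok_or(Error::DanglingReference(id))? {
        Node::Scalar(s) => Ok(Value::Scalar(s.clone())),
        Node::Seq(items) => items
            .iter()
            .map(|&child| resolve(arena, child, depth + 1))
            .collect::<Result<Vec<_>, _>>()
            .map(Value::Seq),
        Node::Alias(target) => resolve(arena, *target, depth + 1),
    }
}

fn main() {
    // Constructed input: node 0 is a sequence whose only item aliases node 0.
    let cyclic = vec![Node::Seq(vec![1]), Node::Alias(0)];
    println!("{:?}", resolve(&cyclic, 0, 0));
    // Constructed input: a sequence that reuses one scalar through an alias.
    let benign = vec![Node::Seq(vec![1, 2]), Node::Scalar("a".into()), Node::Alias(1)];
    println!("{:?}", resolve(&benign, 0, 0));
}
```

Because the limit counts nesting rather than detecting cycles, it also bounds legitimately deep documents; a caller has to treat `RecursionLimitExceeded` as a parse failure on untrusted input.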

More Info

https://github.com/dtolnay/serde-yaml/pull/105

Patched Versions

Unaffected Versions