RUSTSEC-2018-0005: serde_yaml: Uncontrolled recursion leads to abort in deserialization


Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to make a YAML file with an alias referring to itself causing an abort.

The flaw was corrected by checking the recursion depth.

More Info

Patched Versions

Unaffected Versions