Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using complex arrays as map keys may hang the process #475

Closed
rlidwka opened this issue Mar 20, 2019 · 0 comments

Comments

Projects
None yet
2 participants
@rlidwka
Copy link
Member

commented Mar 20, 2019

Arrays can be yaml keys. Arrays can be arbitrarily nested data structures that can reference each other. Yaml keys are serialized into strings.

As a result, we have a possibility of user creating yaml that will cause map key to grow exponentially from linearly growing input.

? - &c
    - &a 1
    - &b 2
  - &d
    - *a
    - *b
: key

expands into { "1,2,1,2": "key" }

?
  - &e
    - &c
      - &a 1
      - &b 2
    - &d
      - *a
      - *b
  - &f
    - *c
    - *d
: key

expands into { "1,2,1,2,1,2,1,2": "key" }

?
  - &g
    - &e
      - &c
        - &a 1
        - &b 2
      - &d
        - *a
        - *b
    - &f
      - *c
      - *d
  - &h
    - *e
    - *f
: key

expands into { "1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2": "key" }

Which is doubling the output, with only linearly growing input... and so on. Give it 30 levels of nesting, you'll get 1GB worth of data out of 10kB input file.

relevant issue here: #169

@puzrin puzrin added the bug label Mar 20, 2019

@rlidwka rlidwka closed this in a567ef3 Mar 20, 2019

cappadona added a commit to cul-it/mann-wagon that referenced this issue Jun 6, 2019

Bump to sass-lint@1.13.1
Along with all dependencies which in turn bumps to js-yaml@3.13.1 to
address the multiple severity vulnerabilities [1, 2] as reported by
GitHub's dependency graph.

[1] nodeca/js-yaml#475
[2] nodeca/js-yaml#480

cappadona added a commit to cul-it/mann-wagon that referenced this issue Jun 6, 2019

Bump to sass-lint@1.13.1 (#993)
Along with all dependencies which in turn bumps to js-yaml@3.13.1 to
address the multiple severity vulnerabilities [1, 2] as reported by
GitHub's dependency graph.

[1] nodeca/js-yaml#475
[2] nodeca/js-yaml#480

facebook-github-bot added a commit to facebook/relay that referenced this issue Jun 7, 2019

yarn upgrade --deep (#2758)
Summary:
Addressing CVE WS-2019-0032:

Affected versions: < 3.13.0
Fixed in version: 3.13.0
Reference: nodeca/js-yaml#475
Pull Request resolved: #2758

Reviewed By: alunyov

Differential Revision: D15702131

Pulled By: kassens

fbshipit-source-id: a81c27bc1f22a8caf788c70db3bc3856b6c4241f

poveden added a commit to axa-group/oauth2-mock-server that referenced this issue Jun 7, 2019

@poveden poveden referenced this issue Jun 7, 2019

Merged

Poveden/security fixes #13

3 of 3 tasks complete

@s2terminal s2terminal referenced this issue Jun 8, 2019

Merged

Security fix #24

@zgreen zgreen referenced this issue Jun 10, 2019

Merged

V3.0.4 #39

billchurch added a commit to billchurch/nodejs-read-config that referenced this issue Jun 13, 2019

billchurch added a commit to billchurch/webssh2 that referenced this issue Jun 13, 2019

Missing require('fs') in `server/app.js` See issue [#135](../../issue…
…s/135)

- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
  - issue not exploitable on webssh2 implementation
  - patched anyway
  - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
  - See nodeca/js-yaml#475 for more detail

maxpou added a commit to maxpou/gatsby-starter-morning-dew that referenced this issue Jun 14, 2019

cacilhas added a commit to cacilhas/cacilhas.github.io that referenced this issue Jun 20, 2019

fix js-yaml
WS-2019-0032
nodeca/js-yaml#475

WS-2019-0063
nodeca/js-yaml#480

simonwiles added a commit to sul-cidr/noh that referenced this issue Jul 3, 2019

jessp01 added a commit to kaltura/developer-platform that referenced this issue Jul 8, 2019

gflohr added a commit to gflohr/qgoda that referenced this issue Jul 11, 2019

krubenok added a commit to hackmcgill/mchacks6 that referenced this issue Jul 13, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.