Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using complex arrays as map keys may hang the process #475

Closed
rlidwka opened this issue Mar 20, 2019 · 0 comments
Closed

Using complex arrays as map keys may hang the process #475

rlidwka opened this issue Mar 20, 2019 · 0 comments
Labels

Comments

@rlidwka
Copy link
Member

@rlidwka rlidwka commented Mar 20, 2019

Arrays can be yaml keys. Arrays can be arbitrarily nested data structures that can reference each other. Yaml keys are serialized into strings.

As a result, we have a possibility of user creating yaml that will cause map key to grow exponentially from linearly growing input.

? - &c
    - &a 1
    - &b 2
  - &d
    - *a
    - *b
: key

expands into { "1,2,1,2": "key" }

?
  - &e
    - &c
      - &a 1
      - &b 2
    - &d
      - *a
      - *b
  - &f
    - *c
    - *d
: key

expands into { "1,2,1,2,1,2,1,2": "key" }

?
  - &g
    - &e
      - &c
        - &a 1
        - &b 2
      - &d
        - *a
        - *b
    - &f
      - *c
      - *d
  - &h
    - *e
    - *f
: key

expands into { "1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2": "key" }

Which is doubling the output, with only linearly growing input... and so on. Give it 30 levels of nesting, you'll get 1GB worth of data out of 10kB input file.

relevant issue here: #169

@puzrin puzrin added the bug label Mar 20, 2019
@rlidwka rlidwka closed this in a567ef3 Mar 20, 2019
cappadona added a commit to cul-it/mann-wagon that referenced this issue Jun 6, 2019
Along with all dependencies which in turn bumps to js-yaml@3.13.1 to
address the multiple severity vulnerabilities [1, 2] as reported by
GitHub's dependency graph.

[1] nodeca/js-yaml#475
[2] nodeca/js-yaml#480
cappadona added a commit to cul-it/mann-wagon that referenced this issue Jun 6, 2019
Along with all dependencies which in turn bumps to js-yaml@3.13.1 to
address the multiple severity vulnerabilities [1, 2] as reported by
GitHub's dependency graph.

[1] nodeca/js-yaml#475
[2] nodeca/js-yaml#480
facebook-github-bot added a commit to facebook/relay that referenced this issue Jun 7, 2019
Summary:
Addressing CVE WS-2019-0032:

Affected versions: < 3.13.0
Fixed in version: 3.13.0
Reference: nodeca/js-yaml#475
Pull Request resolved: #2758

Reviewed By: alunyov

Differential Revision: D15702131

Pulled By: kassens

fbshipit-source-id: a81c27bc1f22a8caf788c70db3bc3856b6c4241f
poveden added a commit to axa-group/oauth2-mock-server that referenced this issue Jun 7, 2019
billchurch added a commit to billchurch/nodejs-read-config that referenced this issue Jun 13, 2019
billchurch added a commit to billchurch/webssh2 that referenced this issue Jun 13, 2019
…s/135)

- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)
- Patched read-config to mitigate vulnerability in js-yaml
  - issue not exploitable on webssh2 implementation
  - patched anyway
  - sending my patch upstream to read-config, webssh2 package.json points to patched version in my repository https://github.com/billchurch/nodejs-read-config
  - See nodeca/js-yaml#475 for more detail
maxpou added a commit to maxpou/gatsby-starter-morning-dew that referenced this issue Jun 14, 2019
cacilhas added a commit to cacilhas/cacilhas.github.io that referenced this issue Jun 20, 2019
simonwiles added a commit to sul-cidr/noh that referenced this issue Jul 3, 2019
jessp01 added a commit to kaltura/developer-platform that referenced this issue Jul 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants