What is CVE-2021-39194?

CVE-2021-39194 is a medium-severity vulnerability in Charleskorn Kaml, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 4.3/10. Published 2021-09-07.

How severe is CVE-2021-39194?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Charleskorn Kaml

CVE-2021-39194

kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endless…

EPSS: 0.005 (65.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Charleskorn Kaml — versions < 0.35.2

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

github.com/charleskorn/kaml/security/advisories/GHSA-fmm9-3gv8-58f4 (x_refsource_CONFIRM)
github.com/charleskorn/kaml/issues/179 (x_refsource_MISC)
github.com/charleskorn/kaml/commit/e18785d043fc6324c81e968aae9764b4b060bc6a (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-39194?: CVE-2021-39194 is a medium-severity vulnerability in Charleskorn Kaml, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 4.3/10. Published 2021-09-07.
How severe is CVE-2021-39194?: Medium severity. CVSS v3 base score is 4.3 out of 10.