High severityNVD Advisory· Published Nov 13, 2023· Updated Jan 8, 2025

CVE-2023-47163

Description

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
remarshalPyPI	< 0.17.1	0.17.1

Affected products

ghsa-coords
pkg:pypi/remarshal
Range: < 0.17.1
remarshal-project/Remarshalcpe-rescue
Range: prior to v0.17.1

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-gw7g-qr8w-3448ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-47163ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/remarshal/PYSEC-2023-236.yamlghsaWEB
github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494ghsaWEB
github.com/remarshal-project/remarshal/releases/tag/v0.17.1ghsaWEB
jvn.jp/en/jp/JVN86156389ghsaWEB
jvn.jp/en/jp/JVN86156389/mitre

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000