VYPR
Vendor

Tomwright

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-46378higMay 19, 2026
    risk 0.39cvss epss 0.00

    ### Summary `dasel`'s selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as `r/abc`. A 2-byte input (`r/`) is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on `v3.3.1`…

  • CVE-2026-46377higMay 19, 2026
    risk 0.38cvss epss 0.00

    ### Summary `dasel`'s selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash (e.g., `"\` or `'\`). A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on `v3.3.1`…

  • CVE-2026-33320Mar 24, 2026
    risk 0.00cvss epss 0.00

    Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The…