UBUNTU-CVE-2021-4235
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 27 Dec 2022, 22:15
Last modified:20 May 2026, 16:05
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Dec 2022, 22:15
Published
Vulnerability first disclosed
20 May 2026, 16:05
Last Modified
Vulnerability information updated
Description
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Systems
- ubuntu•golang-github-coreos-discovery-etcd-io
all | all | all | all | all
- ubuntu•golang-yaml.v2
< 0.0+git20160301.0.a83829b-1ubuntu0.1~esm1 | < 0.0+git20170407.0.cd8b52f-1ubuntu2+esm1 | < 2.2.2-1ubuntu0.1
- ubuntu•singularity-container
all | all | all
- ubuntu•webhook
all | all | all | all | all | all