{"id":"CVE-2019-1010183","details":"serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later.","modified":"2026-03-14T09:31:35.998727Z","published":"2019-07-25T13:15:11.593Z","references":[{"type":"ADVISORY","url":"https://github.com/dtolnay/serde-yaml/pull/105"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dtolnay/serde-yaml","events":[{"introduced":"46977b24e9662bf1270ec5dc2dc88363695a0c05"},{"last_affected":"49e1e6f064c0c6cc138ed2a3c80e3024b23ba965"}],"database_specific":{"versions":[{"introduced":"0.6.0"},{"last_affected":"0.8.3"}]}}],"versions":["0.6.0","0.6.1","0.6.2","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.8.0","0.8.1","0.8.2","0.8.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010183.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}