A retrospective on a simple bug in smartphone software development in 2022 (28th Dec 2022)

Denial of service from the big world to the small world

Preface: Historical information can enrich our knowledge base. Even if you think the information I am posting today is not very useful, this is what a database is for. Are you still interested in this matter today?

Background:

The Flutter framework is a popular, multi-platform UI toolkit that’s powered by the Dart platform, and that provides tooling and UI libraries to build UI experiences that run on iOS, Android, macOS, Windows, Linux, and the web. When creating configuration files for application projects, languages like Python and the Google-developed Flutter framework for Dart both use YAML (.yaml). Furthermore, YAML can be used to format containerized files. Cloud computing operations also use it.

Several libraries are available for parsing YAML in Dart and Flutter. yaml is a popular library for reading YAML files, and the yaml_writer library is used for writing YAML documents.

  • yaml[.]dart for reading
  • yaml_writer for write operations

Ref: YAML is a data serialization language that is often used for writing configuration files. Depending on whom you ask, YAML stands for yet another markup language or YAML ain’t markup language (a recursive acronym), which emphasizes that YAML is for data, not documents. 

Vulnerability details: Certain versions of gopkg[.]in/yaml[.]v2 contain the following vulnerability:
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

Official announcement: For details about the vulnerability, please refer to the official announcement – https://pkg.go.dev/vuln/GO-2022-0956
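A defensive pre-parse guard for the issue described above, as an added example that is not part of the original post or of the yaml library: it bounds document size and flow-collection nesting with the Go standard library before any YAML parser is called. `ReadBounded`, both limits and the nesting heuristic are assumptions of this example; the advisory text quoted here does not name a specific trigger.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// Limits are assumptions for this example; tune them to your config files.
const maxBytes = 1 << 20 // cap on raw document size (1 MiB)
const maxDepth = 32      // cap on nested flow collections: [ ] and { }

var ErrTooLarge = errors.New("yaml input exceeds size limit")
var ErrTooDeep = errors.New("yaml input exceeds nesting limit")

// ReadBounded returns the document only if it fits both limits, so the
// YAML parser never sees oversized or pathologically nested input.
func ReadBounded(r io.Reader) ([]byte, error) {
	// Read one byte past the cap so an oversized input is detectable.
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if len(data) > maxBytes {
		return nil, ErrTooLarge
	}
	// Coarse check: brackets inside quoted strings are counted too, which
	// can only make the guard stricter. Block-style nesting is not measured.
	depth := 0
	for _, b := range data {
		switch b {
		case '[', '{':
			if depth++; depth > maxDepth {
				return nil, ErrTooDeep
			}
		case ']', '}':
			if depth > 0 {
				depth--
			}
		}
	}
	return data, nil
}

func main() {
	// Constructed sample input: 64 unclosed flow sequences.
	_, err := ReadBounded(strings.NewReader(strings.Repeat("[", 64)))
	fmt.Println(err)
}
```

Pass the returned bytes to the YAML parser only when the error is nil, and keep the parser dependency itself on a release that the official announcement lists as fixed.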

Wish you a Happy New Year.
