Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.Referenceshttps://github.com/remarshal-project/remarshal/releases/tag/v0.17.1https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494https://jvn.jp/en/jp/JVN86156389/
