Security Advisories (4)
CVE-2014-9130 (2014-12-08)

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

CPANSA-YAML-LibYAML-2016-01 (2016-03-10)

Need SafeLoad and SafeDump analog to python

CVE-2012-1152 (2012-09-09)

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.

CVE-2025-40908 (2025-06-01)

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

NAME

YAML::XS - Perl YAML Serialization using XS and libyaml

SYNOPSIS

use YAML::XS;

my $yaml = Dump [ 1..4 ];
my $array = Load $yaml;

DESCRIPTION

Kirill Simonov's libyaml is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby.

This module is a Perl XS binding to libyaml which offers Perl the best YAML support to date.

This module exports the functions Dump, Load, DumpFile and LoadFile. These functions are intended to work exactly like YAML.pm's corresponding functions.

CONFIGURATION

$YAML::XS::UseCode
$YAML::XS::DumpCode
$YAML::XS::LoadCode

If enabled, YAML::XS supports deparsing and evaling of code blocks.

$YAML::XS::QuoteNumericStrings

When true (the default) strings that look like numbers but have not been numified will be quoted when dumping.

This ensures that things like leading zeros and other formatting are preserved.

USING YAML::XS WITH UNICODE

Handling Unicode properly in Perl can be a pain. YAML::XS only deals with streams of utf8 octets. Just remember this:

$perl = Load($utf8_octets);
$utf8_octets = Dump($perl);

There are many, many places where things can go wrong with Unicode. If you are having problems, use Devel::Peek on all the possible data points.
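
An added example, not part of the YAML::XS documentation: a wrapper that avoids the 2-args open problem named in CVE-2025-40908 by opening the file itself with 3-arg open and passing the utf8 octets to Load, with code loading switched off for the call. The helper name load_yaml_file, the scratch file and its contents are constructed for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use YAML::XS qw(Load);

# Hypothetical helper, not part of YAML::XS: open the file ourselves with
# 3-arg open and pass the raw UTF-8 octets to Load.
sub load_yaml_file {
    my ($path) = @_;
    # With an explicit mode, $path is only ever a file name; leading or
    # trailing '>', '<' or '|' characters are not interpreted.
    open(my $fh, '<:raw', $path) or die "cannot read '$path': $!\n";
    my $octets = do { local $/; <$fh> };
    close($fh) or die "cannot close '$path': $!\n";
    # Keep code evaluation off for this call, whatever the globals say.
    local $YAML::XS::UseCode  = 0;
    local $YAML::XS::LoadCode = 0;
    return Load($octets);
}

# Constructed sample file in a scratch directory.
my $dir  = tempdir(CLEANUP => 1);
my $file = File::Spec->catfile($dir, 'config.yaml');
open(my $out, '>:raw', $file) or die "cannot write '$file': $!\n";
print {$out} "name: example\nport: '0080'\n";
close($out) or die "cannot close '$file': $!\n";

printf "loaded port=%s\n", load_yaml_file($file)->{port};

# Constructed caller-supplied name that starts with a mode character.
my $name = ">$file";

# 3-arg open treats it as a (nonexistent) file name and fails cleanly.
eval { load_yaml_file($name); 1 } or print "3-arg open: $@";
printf "size after 3-arg attempt: %d bytes\n", (stat $file)[7];

# 2-arg open, the form the advisory describes, parses the '>' as a mode
# and truncates the existing file.
if (open(my $fh, $name)) { close($fh) }
printf "size after 2-arg open: %d bytes\n", (stat $file)[7];
```

The size printed after the 2-arg open shows why file names from outside the program should only reach open in its 3-arg form.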

SEE ALSO

  • YAML.pm

  • YAML::Syck

  • YAML::Tiny

AUTHOR

Ingy döt Net <ingy@cpan.org>

COPYRIGHT

Copyright 2007-2014. Ingy döt Net.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html
