Fix serde_yaml — CVE-2023-33201 HIGH

Fix CVE-2023-33201 (HIGH) in serde_yaml for Rust. Paste your Cargo.toml into PackageFix and get a patched version — no CLI, no signup. The issue is a denial of service via crafted YAML alias anchors.

⚠ Vulnerability

CVE-2023-33201 (HIGH) — denial of service via crafted YAML alias anchors in serde_yaml below 0.9.34.

Vulnerable — Cargo.toml

serde_yaml = "0.9.21"

Fixed — Cargo.toml

serde_yaml = "0.9.34"

✓ Fix

Update serde_yaml to 0.9.34 and run cargo update.

CVE Details

| Field | Value |
| --- | --- |
| CVE ID | CVE-2023-33201 |
| Severity | HIGH |
| Package | serde_yaml (Rust) |
| Safe version | 0.9.34 |
| CISA KEV | |
| Description | Denial of service via crafted YAML alias anchors |

Frequently Asked Questions

What is CVE-2023-33201?
CVE-2023-33201 is a HIGH severity vulnerability in serde_yaml (Rust) that allows denial of service via crafted YAML alias anchors. Update to 0.9.34 or later.

How do I fix CVE-2023-33201 in serde_yaml?
Update serde_yaml to version 0.9.34 in your Cargo.toml and run cargo update.

Is CVE-2023-33201 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.

How do I verify the fix for CVE-2023-33201?
After updating, paste your Cargo.toml into PackageFix again. If CVE-2023-33201 no longer appears in the CVE table, the fix is applied.
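
The build uses the version resolved in Cargo.lock, not the requirement line in Cargo.toml, so the lockfile is worth checking too. The following is an added example (not PackageFix or serde_yaml code) that scans lockfile text for serde_yaml entries below 0.9.34 using a numeric version comparison; the sample lockfile and all function names are constructed for illustration.

```rust
// Added example. FIXED is the page's safe version; SAMPLE_LOCK is constructed.
const FIXED: (u64, u64, u64) = (0, 9, 34);

const SAMPLE_LOCK: &str = r#"
[[package]]
name = "serde"
version = "1.0.197"
[[package]]
name = "serde_yaml"
version = "0.9.4"
[[package]]
name = "serde_yaml"
version = "0.9.34+deprecated"
"#;

/// Parse "major.minor.patch", ignoring build metadata after '+'.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('+').next()?.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Extract the quoted value of `key = "value"` from one lockfile line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Return every locked serde_yaml version below FIXED (unparseable ones included).
fn vulnerable_versions(lock: &str) -> Vec<String> {
    let (mut found, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            in_target = false; // new table: forget the previous package
        } else if let Some(name) = field(line, "name") {
            in_target = name == "serde_yaml";
        } else if let Some(ver) = field(line, "version") {
            // Numeric comparison: 0.9.4 < 0.9.34, which a string compare gets wrong.
            if in_target && parse_version(ver).map_or(true, |v| v < FIXED) {
                found.push(ver.to_string());
            }
        }
    }
    found
}

fn main() {
    let bad = vulnerable_versions(SAMPLE_LOCK);
    println!("serde_yaml versions below 0.9.34: {:?}", bad);
}
```

To use it on a real project, pass the contents of Cargo.lock (for example via std::fs::read_to_string) instead of SAMPLE_LOCK and fail the build when the returned list is not empty.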
