We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-28948 high severity Vulnerable versions: < 3.0.0-20220521103104-8f96da9f5d5e Patched version: 3.0.0-20220521103104-8f96da9f5d5e
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input.
Upgrade gopkg.in/yaml.v3 to version 3.0.0-20220521103104-8f96da9f5d5e or later. For example:
require gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e
github.com/stretchr/testify
github.com/IBM/keyprotect-go-client is inheriting this issue from github.com/stretchr/testify@v1.7.0
github.com/IBM/keyprotect-go-client
github.com/stretchr/testify@v1.7.0
❯ ggdh 'gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c' github.com/IBM/keyprotect-go-client@v0.12.3 ⬇ github.com/stretchr/testify@v1.7.0 ⬇ gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c
The text was updated successfully, but these errors were encountered:
No branches or pull requests
go-yaml/yaml#666
Details
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input.
Remediation
Upgrade gopkg.in/yaml.v3 to version 3.0.0-20220521103104-8f96da9f5d5e or later.
For example:
Update
github.com/stretchr/testifygh.neting.cc/IBM/keyprotect-go-clientis inheriting this issue fromgh.neting.cc/stretchr/testify@v1.7.0The text was updated successfully, but these errors were encountered: