CVE-2022-28948 (High) detected in github.com/go-yaml/yaml-v3.0.0 - autoclosed #155
Labels: security vulnerability (Security vulnerability detected by WhiteSource)
CVE-2022-28948 - High Severity Vulnerability
Vulnerable Library - github.com/go-yaml/yaml-v3.0.0
YAML support for the Go language.
Dependency Hierarchy:
Found in HEAD commit: 9f5964432916f8bb2d183050ee7cfacbda90184b
Found in base branch: main
Vulnerability Details
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Publish Date: 2022-05-19
URL: CVE-2022-28948
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-hp87-p4gw-j4gq
Release Date: 2022-05-19
Fix Resolution: 3.0.0