CVE-2022-32511: JMESPath for Ruby using JSON.load instead of JSON.parse
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
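A check for the affected range stated above, as an added example (not code from the advisory or from jmespath.rb): it reads the resolved jmespath versions out of Gemfile.lock text and reports any earlier than 1.6.1. The sample lockfile and the gem name `example-app-dep` are constructed for illustration.

```ruby
require "rubygems"

# From the advisory: jmespath.rb releases before 1.6.1 are affected.
FIXED_IN = Gem::Version.new("1.6.1")

# Resolved specs in a Gemfile.lock are indented exactly four spaces:
#   "    jmespath (1.6.0)"
# Dependency constraints (six spaces, e.g. "jmespath (~> 1.0)") and the
# DEPENDENCIES section are not resolved versions and are skipped.
SPEC_LINE = /\A {4}jmespath \(([^)\s]+)\)\s*\z/

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    example-app-dep (2.0.0)
      jmespath (~> 1.0)
    jmespath (1.6.0)

PLATFORMS
  ruby

DEPENDENCIES
  example-app-dep
LOCK

# Returns every resolved jmespath version found in the lockfile text.
def jmespath_versions(lockfile_text)
  lockfile_text.each_line.map do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m
    raw = m[1].split("-").first # drop a platform suffix such as "-java"
    Gem::Version.new(raw) if Gem::Version.correct?(raw)
  end.compact.uniq
end

# Returns only the versions that fall in the affected range (< 1.6.1).
def affected_jmespath(lockfile_text)
  jmespath_versions(lockfile_text).select { |v| v < FIXED_IN }
end

if __FILE__ == $PROGRAM_NAME
  hits = affected_jmespath(SAMPLE_LOCK)
  puts hits.empty? ? "jmespath: not affected" : "jmespath affected: #{hits.join(', ')}"
end
```

To check a real project, pass `File.read("Gemfile.lock")` to `affected_jmespath` instead of the sample text.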