CVE-2022-28948: gopkg.in/yaml.v3 Denial of Service
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input.
References
- github.com/advisories/GHSA-hp87-p4gw-j4gq
- github.com/go-yaml/yaml
- github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754
- github.com/go-yaml/yaml/commit/f6f7691b1fdeb513f56608cd2c32c51f8194bf51
- github.com/go-yaml/yaml/issues/665
- github.com/go-yaml/yaml/issues/666
- nvd.nist.gov/vuln/detail/CVE-2022-28948
- security.netapp.com/advisory/ntap-20220923-0006
Detect and mitigate CVE-2022-28948 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.