Open IzhakJakov opened 1 year ago
CVE-2022-28948 high severity
Vulnerable versions: < 3.0.0-20220521103104-8f96da9f5d5e
Patched version: 3.0.0-20220521103104-8f96da9f5d5e
Details
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input.
Remediation
Upgrade gopkg.in/yaml.v3 to version 3.0.0-20220521103104-8f96da9f5d5e or later. For example:
require gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e
Update
github.com/stretchr/testify
github.com/IBM/keyprotect-go-client is inheriting this issue from github.com/stretchr/testify@v1.7.0
❯ ggdh 'gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c'
github.com/IBM/keyprotect-go-client@v0.12.3
⬇
github.com/stretchr/testify@v1.7.0
⬇
gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c
go-yaml/yaml#666
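Added example, not part of the original issue or of any project named in it: a small Go program that reads `go mod graph` style edges and reports each dependency chain ending at a gopkg.in/yaml.v3 version older than the patched one, which is the kind of trace the issue shows. The graph text is constructed sample input, `example.com/other` is a hypothetical module, and the function names are this example's own.

```go
package main

import (
	"fmt"
	"strings"
)

const target = "gopkg.in/yaml.v3"
const patched = "v3.0.0-20220521103104-8f96da9f5d5e" // from the advisory above
// sampleGraph is constructed `go mod graph` output: one "parent child" edge per line.
const sampleGraph = `github.com/IBM/keyprotect-go-client github.com/stretchr/testify@v1.7.0
github.com/IBM/keyprotect-go-client example.com/other@v1.0.0
github.com/stretchr/testify@v1.7.0 gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c
example.com/other@v1.0.0 gopkg.in/yaml.v3@v3.0.0-20220521103104-8f96da9f5d5e`

// vulnerable reports whether a yaml.v3 version predates the patched one.
// Assumption: v3.0.0-<timestamp>-<hash> pseudo-versions have fixed-width
// timestamps, so they order as plain strings; other v3 versions are newer.
func vulnerable(version string) bool {
	return strings.HasPrefix(version, "v3.0.0-") && version < patched
}

// vulnerablePaths returns each dependency chain from root that ends at a
// vulnerable yaml.v3. Every module is expanded once, so cycles terminate.
func vulnerablePaths(graph, root string) []string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	var found []string
	seen := map[string]bool{}
	var walk func(node string, path []string)
	walk = func(node string, path []string) {
		path = append(path, node)
		if mod, ver, _ := strings.Cut(node, "@"); mod == target && vulnerable(ver) {
			found = append(found, strings.Join(path, " -> "))
		} else if !seen[node] {
			seen[node] = true
			for _, dep := range edges[node] {
				walk(dep, path)
			}
		}
	}
	walk(root, nil)
	return found
}

func main() {
	fmt.Println(strings.Join(vulnerablePaths(sampleGraph, "github.com/IBM/keyprotect-go-client"), "\n"))
}
```

On a real checkout, the output of `go mod graph` can be passed to `vulnerablePaths` in place of `sampleGraph`, with the main module path as `root`.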