Closed heyLu closed 1 year ago
This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.
Is there an update on this available?
It would be great if this could be fixed.
Sorry for the delay. I am poking the team right now to see what is up.
This should have be resolved since Christmas. Closing.
Thanks for the heads up on the issue.
Vulnerability URL Provide the URL to the vulnerability. For example:
Component URL Provide the URL to the component. For example:
Description
This vulnerability does not apply to yaml.v2, only yaml.v3. This is visible both in the linked issue https://github.com/go-yaml/yaml/issues/665 and the related on at https://github.com/go-yaml/yaml/issues/666#issuecomment-1133337993 where it is described that the vulnerability was misattributed to yaml.v2.