de-jcup / eclipse-yaml-editor

Eclipse YAML editor
https://marketplace.eclipse.org/content/yaml-editor
Apache License 2.0

CVE-2022-41854 impacting snakeyaml 1.29 #114

Open arcadmlafon opened 1 year ago

arcadmlafon commented 1 year ago

Hi, thanks for this great editor.

I know that in the context of a text editor this problem may be ignored, but just for information: there is a vulnerability declared on snakeyaml which may cause an application crash depending on the origin of the YAML source. An upgrade to version 1.32 would be great.

See https://nvd.nist.gov/vuln/detail/CVE-2022-41854 for details.

de-jcup commented 1 year ago

Thanks for reporting

Remark: the markdown editor of GitHub does strange things with links to NIST... the original link above does not target the NIST page but instead https://github.com/de-jcup/eclipse-yaml-editor/issues/CVE-2022-41854, which points to nothing...

Seems to be a bug.