Closed petrkotas closed 4 years ago
This PR bumps go-yaml to v2.2.4, which has the DDoS vulnerability fixed.
Issue: go-yaml versions preceding 2.2.4 had a vulnerability to a DDoS attack via a billion laughs bomb. Such an attack leads the program to become unresponsive. The issue has been described in https://raesene.github.io/blog/2019/10/15/From-stackoverflow-to-CVE/
Signed-off-by: Petr Kotas petr.kotas@gmail.com
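An added example, not part of this PR or of go-yaml: a check that reads a `go.mod` and reports whether the required go-yaml version precedes v2.2.4, the release the PR bumps to. The module path `gopkg.in/yaml.v2` and the helper names `requiredVersion` and `vulnerable` are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const yamlModule = "gopkg.in/yaml.v2" // assumed import path of the PR's "go-yaml"
var fixed = [3]int{2, 2, 4}           // v2.2.4, the release the PR bumps to

// requiredVersion reads require directives only; replace is not evaluated.
func requiredVersion(gomod string) (string, bool) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0])
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require" && f[1] == yamlModule:
			return f[2], true
		case len(f) == 2 && inBlock && f[0] == yamlModule:
			return f[1], true
		}
	}
	return "", false
}

// vulnerable reports whether version sorts before v2.2.4 (its pre-releases included).
func vulnerable(version string) (bool, error) {
	core, _, _ := strings.Cut(version, "+") // drop build metadata
	core, _, pre := strings.Cut(core, "-")  // split off any pre-release suffix
	var v [3]int
	if _, err := fmt.Sscanf(core, "v%d.%d.%d", &v[0], &v[1], &v[2]); err != nil {
		return false, fmt.Errorf("not a semantic version: %q", version)
	}
	for i := range v {
		if v[i] != fixed[i] {
			return v[i] < fixed[i], nil
		}
	}
	return pre, nil
}

func main() {
	// Constructed go.mod text, not taken from the PR.
	v, _ := requiredVersion("require (\n\tgopkg.in/yaml.v2 v2.2.1 // indirect\n)\n")
	fmt.Println(vulnerable(v))
}
```

A `go.mod` that pins the module through a `replace` directive needs a separate look, since this check does not follow it.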