CVE-2022-41854 impacting snakeyaml 1.29

[arcadmlafon]

Hi, thanks for this great editor,

I know that in the context of a text editor, this problem may be ignored but just for information there is a vulnerability declared on snakeyaml which may cause application crash depending on the origin of the yaml source. An upgrade to version 1.32 should be great.

See https://nvd.nist.gov/vuln/detail/CVE-2022-41854 for details. (Corrected link !)

[de-jcup]

Thanks for reporting

• https://nvd.nist.gov/vuln/detail/CVE-2022-41854
• will be fixed in next release

Remark: the markdown editor of github does strange things with links to NIST... the origin link above does not target NIST page but instead https://github.com/de-jcup/eclipse-yaml-editor/issues/CVE-2022-41854 which points to nothing...

Seems to be a bug.

[alexsuter]

Hello @de-jcup
Any chance to get a release with updated snakeyaml?