Vulnerability found in gopkg.in/yaml.v2 in versions < 2.2.8 (CVE-2019-11254)

Our scans (using Mend) detected CVE-2019-11254 in the go-yaml package for versions <2.2.8. More details here
https://github.com/advisories/GHSA-wxc4-f4m6-wwqv

The recommended fix is to upgrade to at least https://github.com/go-yaml/yaml/tree/v2.2.8 

From my understanding, the code in this module is based on an earlier version of go-yaml. Can the go-yaml code base be upgraded to address this vulnerability?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Vulnerability found in gopkg.in/yaml.v2 in versions < 2.2.8 (CVE-2019-11254) #9

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Vulnerability found in gopkg.in/yaml.v2 in versions < 2.2.8 (CVE-2019-11254) #9

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions