New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in gopkg.in/yaml.v2: CVE-2022-3064 #956
Comments
Change https://go.dev/cl/425081 mentions this issue: |
Reopening for us to add the CVE metadata. |
This is CVE-2022-3064 |
Change https://go.dev/cl/426694 mentions this issue: |
tatianab
changed the title
x/vulndb: potential Go vuln in gopkg.in/yaml.v2
x/vulndb: potential Go vuln in gopkg.in/yaml.v2: CVE-2022-3064
Aug 30, 2022
gopherbot
pushed a commit
that referenced
this issue
Aug 30, 2022
Updates #956 Change-Id: Id812cfd56fb28601f9202a1eb3931b6b3d70d8b9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/426694 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Julie Qiu <julieqiu@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
v2.2.4 of
gopkg.in/yaml.v2
includes fixes for excessive CPU consumption when parsing untrusted inputs:https://github.com/go-yaml/yaml/tags
Affected Modules, Packages, Versions and Symbols
Does this vulnerability already have an associated CVE ID?
No
CVE ID
No response
Credit
No response
CWE ID
No response
Pull Request
No response
Commit
No response
References
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: