CVE-2022-41854 impacting snakeyaml 1.29

Open arcadmlafon opened this issue 3 years ago • 2 comments

Hi, thanks for this great editor,

I know that in the context of a text editor this problem may be ignored, but just for information, there is a vulnerability declared on snakeyaml which may cause an application crash, depending on the origin of the YAML source. An upgrade to version 1.32 would be great.

See https://nvd.nist.gov/vuln/detail/CVE-2022-41854 for details. (Corrected link!)

arcadmlafon avatar Nov 23 '22 09:11 arcadmlafon

Thanks for reporting

Remark: the Markdown editor of GitHub does strange things with links to NIST... the original link above does not target the NIST page but instead https://github.com/de-jcup/eclipse-yaml-editor/issues/CVE-2022-41854, which points to nothing...

Seems to be a bug.

de-jcup avatar Mar 27 '23 15:03 de-jcup