Upgrade snakeyaml from 1.29 to 1.31 fixing CVE-2022-25857

Open julianladisch opened this issue 2 years ago • 1 comments

Upgrading org.yaml:snakeyaml from 1.29 to 1.31 in karate-core fixes a Denial of Service (DoS) vulnerability caused by a missing nested depth limitation for collections.

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

Sep 05 '22 13:09 julianladisch
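
One way to check whether a build still resolves a snakeyaml older than the 1.31 named in this issue, as an added example (not code from karate or from the issue author): it parses the text output of `mvn dependency:tree` and reports each affected version with the dependency path that pulls it in. The sample tree and its `com.example` coordinates are constructed for illustration.

```python
import re

# First snakeyaml version the issue names as fixing CVE-2022-25857.
FIXED = (1, 31)

# Constructed sample of `mvn dependency:tree` output (not from karate's build).
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:0.1.0
[INFO] +- com.example:api-tests:jar:0.1.0:test
[INFO] |  \\- org.yaml:snakeyaml:jar:1.29:test
[INFO] +- com.example:config-loader:jar:2.4.0:compile
[INFO] |  \\- org.yaml:snakeyaml:jar:android:1.30:compile
[INFO] \\- org.yaml:snakeyaml:jar:1.31:compile
"""

# Tree prefix is built from 3-character cells: "|  ", "+- ", "\- ", "   ".
LINE = re.compile(r"^\[INFO\] ([ |+\\-]*)(\S+)\s*$")


def parse_version(version):
    """Numeric components before any qualifier: '1.31' -> (1, 31)."""
    return tuple(int(p) for p in re.findall(r"\d+", version.split("-")[0]))


def find_vulnerable(tree_text):
    """Return (version, path) for every snakeyaml below FIXED in the tree."""
    findings, stack = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        depth = len(m.group(1)) // 3
        fields = m.group(2).split(":")
        if len(fields) < 4:
            continue  # not a Maven coordinate line
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(f"{fields[0]}:{fields[1]}")
        # Dependency lines: group:artifact:type[:classifier]:version:scope
        if fields[:2] == ["org.yaml", "snakeyaml"] and len(fields) >= 5:
            version = fields[-2]
            if parse_version(version) < FIXED:
                findings.append((version, " > ".join(stack[:-1])))
    return findings


if __name__ == "__main__":
    for version, path in find_vulnerable(SAMPLE_TREE):
        print(f"snakeyaml {version} (< 1.31) via {path}")
```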

@julianladisch thanks for the PR!

Sep 05 '22 14:09 ptrthomas

1.3.0 released

Nov 02 '22 17:11 ptrthomas