FriendsOfPHP/security-advisories

Yaml parsing fails with `symfony/yaml` 3.0.0

Ocramius opened this issue · 2 comments

Hit it by accident, but strings such as `versions: [>=3.0.0,<3.2.1]` don't seem to be valid Yaml.

Here is an example trace of how I hit this:

```
PHP Fatal error:  Uncaught Symfony\Component\Yaml\Exception\ParseException: The reserved indicator ">" cannot start a plain scalar; you need to quote the scalar at line 7 (near "versions: [>=3.0.0,<3.2.1]"). in vendor/symfony/yaml/Inline.php:241
Stack trace:
#0 vendor/symfony/yaml/Inline.php(317): Symfony\Component\Yaml\Inline::parseScalar('[>=3.0.0,<3.2.1...', Array, Array, 8, true, Array)
#1 vendor/symfony/yaml/Inline.php(63): Symfony\Component\Yaml\Inline::parseSequence('[>=3.0.0,<3.2.1...', 8, Array)
#2 vendor/symfony/yaml/Parser.php(479): Symfony\Component\Yaml\Inline::parse('[>=3.0.0,<3.2.1...', true, false, false, Array)
```
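
A small lint for the failure in the trace above, added here as an example and not part of the issue or of the repository's own tooling: it flags single-line flow sequences whose items start with a reserved indicator and rewrites them with single quotes. The sample file, the function names and the indicators beyond `>` are assumptions, and the fixer goes past the page's single case by quoting every plain item in an offending list.

```python
import re

# Characters a plain (unquoted) scalar may not start with. ">" is the one in
# the trace above; "|", "@" and "`" are added from the YAML indicator list.
RESERVED_START = (">", "|", "@", "`")
# Single-line flow sequence such as `versions: [a, b]`.
FLOW_SEQ = re.compile(r"^(?P<head>\s*[\w.-]+:\s*)\[(?P<body>.*)\]\s*$")

SAMPLE = """\
title: Constructed advisory entry
branches:
    3.0.x:
        versions: [>=3.0.0,<3.2.1]
    2.8.x:
        versions: ['>=2.8.0', '<2.8.5']
"""  # constructed input, not a real advisory file

def split_items(body):
    """Split a flow-sequence body on commas outside quotes (no escape handling)."""
    items, cur, quote = [], "", None
    for ch in body:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"" and not cur.strip():
            quote = ch
        elif ch == ",":
            items.append(cur.strip())
            cur = ""
            continue
        cur += ch
    return items + ([cur.strip()] if cur.strip() else [])

def lint(text):
    """Return (line_number, item) for items that start with a reserved indicator."""
    return [(n, i) for n, line in enumerate(text.splitlines(), 1)
            if (m := FLOW_SEQ.match(line))
            for i in split_items(m["body"]) if i.startswith(RESERVED_START)]

def fix(text):
    """Single-quote the plain items of offending lists; other lines pass through."""
    bad = {n for n, _ in lint(text)}
    out = []
    for n, line in enumerate(text.splitlines(keepends=True), 1):
        if n in bad and (m := FLOW_SEQ.match(line)):
            items = [i if i.startswith(("'", '"')) else "'%s'" % i.replace("'", "''")
                     for i in split_items(m["body"])]
            line = m["head"] + "[" + ", ".join(items) + "]\n"
        out.append(line)
    return "".join(out)
```

Running `lint` over the advisory files before a parser upgrade surfaces every entry that a stricter parser would reject, so a single unquoted constraint does not stop the whole database from loading.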

see #131

\o/
On Dec 12, 2015 10:25, "Fabien Potencier" notifications@github.com wrote:

Closed #130 via #131.

