github.com/stretchr/testify-v1.7.0: 1 vulnerabilities (highest severity is: 7.5) - autoclosed
mend-for-github-com commented
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-28948 | High | 7.5 | github.com/go-yaml/yaml-496545a6307b2a7d7a710fd516e5e16e8ab62dbc | Transitive | N/A | ❌ |
Details
CVE-2022-28948
Vulnerable Library - github.com/go-yaml/yaml-496545a6307b2a7d7a710fd516e5e16e8ab62dbc
YAML support for the Go language.
Dependency Hierarchy:
- github.com/stretchr/testify-v1.7.0 (Root Library)
  - ❌ github.com/go-yaml/yaml-496545a6307b2a7d7a710fd516e5e16e8ab62dbc (Vulnerable Library)
Found in base branch: main
Vulnerability Details
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Publish Date: 2022-05-19
URL: CVE-2022-28948
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-hp87-p4gw-j4gq
Release Date: 2022-05-19
Fix Resolution: 3.0.0
mend-for-github-com commented
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.