Go Driver / GODRIVER-1748

CVE-2019-11254 - Known vulnerability in yaml.v2 v2.2.2

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • Fix Version/s: 1.4.2
    • Affects Version/s: 1.4.1
    • Component/s: Core API
    • Labels: None

      The latest of the mongo-go-driver imports 2 packages which in turn import gopkg.in/yaml.v2-v2.2.2. This has a vulnerability identified in https://nvd.nist.gov/vuln/detail/CVE-2019-11254 and first exposed in the Kubernetes API - https://github.com/kubernetes/kubernetes/issues/89535

      The 2 packages are:

      github.com/pelletier/go-toml@v1.4.0

      github.com/stretchr/testify@v1.4.0

      The current versions of both packages are patched to a higher level of the yaml package.

            Assignee:
            divjot.arora@mongodb.com Divjot Arora (Inactive)
            Reporter:
            nicholas_beenham@cable.comcast.com Nicholas Beenham
            Votes:
            0
            Watchers:
            2

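To confirm which direct dependencies pull in the yaml.v2 version named in this issue, the dependency chains can be traced from `go mod graph` output. The following is an added example, not code from the issue or from the driver project; the graph is constructed sample data built from the modules named above, and `chainsTo` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed `go mod graph` sample ("parent child" per line); the example.com modules are made up and form a cycle.
const sampleGraph = `go.mongodb.org/mongo-driver github.com/pelletier/go-toml@v1.4.0
go.mongodb.org/mongo-driver github.com/stretchr/testify@v1.4.0
go.mongodb.org/mongo-driver example.com/a@v1.0.0
github.com/pelletier/go-toml@v1.4.0 gopkg.in/yaml.v2@v2.2.2
github.com/stretchr/testify@v1.4.0 gopkg.in/yaml.v2@v2.2.2
example.com/a@v1.0.0 example.com/b@v1.0.0
example.com/b@v1.0.0 example.com/a@v1.0.0`

// chainsTo (hypothetical helper) returns every dependency chain from root
// to target in the graph, rendered as "a -> b -> c" and sorted.
func chainsTo(graph, root, target string) []string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	var out []string
	onPath := map[string]bool{} // modules on the current chain, to break cycles
	var walk func(node string, path []string)
	walk = func(node string, path []string) {
		path = append(path, node)
		if node == target {
			out = append(out, strings.Join(path, " -> "))
			return
		}
		onPath[node] = true
		for _, next := range edges[node] {
			if !onPath[next] {
				walk(next, path)
			}
		}
		onPath[node] = false
	}
	walk(root, nil)
	sort.Strings(out)
	return out
}

func main() { fmt.Println(strings.Join(chainsTo(sampleGraph, "go.mongodb.org/mongo-driver", "gopkg.in/yaml.v2@v2.2.2"), "\n")) }
```

On a real checkout, feed the function the text produced by `go mod graph` in the module root instead of the sample constant.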