Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2022-28948 - upgrade dependency to the latest version of yaml (gin-contrib still uses yaml.v2) #3306

Closed
ec-porika opened this issue Sep 1, 2022 · 0 comments · Fixed by #3456
Closed

CVE-2022-28948 - upgrade dependency to the latest version of yaml (gin-contrib still uses yaml.v2) #3306

ec-porika opened this issue Sep 1, 2022 · 0 comments · Fixed by #3456

Comments

@ec-porika
Copy link

  • With issues:
    • Use the search tool before opening a new issue.
    • Please provide source code and commit sha if you found a bug.
    • Review existing issues and provide feedback or react to them.

Description

How to reproduce

package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	g := gin.Default()
	g.GET("/hello/:name", func(c *gin.Context) {
		c.String(200, "Hello %s", c.Param("name"))
	})
	g.Run(":9000")
}

Expectations

$ curl http://localhost:8201/hello/world
Hello world

Actual result

$ curl -i http://localhost:8201/hello/world
<YOUR RESULT>

Environment

  • go version:
  • gin version (or commit ref):
  • operating system:
@ec-porika ec-porika changed the title CVE-2022-28948 - upgrade dependency to the latest version of yaml CVE-2022-28948 - upgrade dependency to the latest version of yaml (gin-contrib still uses yaml.v2) Sep 1, 2022
@thinkerou thinkerou mentioned this issue Jan 2, 2023
Merged
appleboy pushed a commit that referenced this issue Jan 2, 2023
@thinkerou
chore(yaml): upgrade dependency to v3 version (#3456)
c9b2724 
fixes #3451
fixes #3306
fixes #3362
fixes #2581
dnephin pushed a commit to dnephin/gin-binding-tmp that referenced this issue Jan 13, 2023
@thinkerou
chore(yaml): upgrade dependency to v3 version (#3456)
e095a67 
fixes gin-gonic/gin#3451
fixes gin-gonic/gin#3306
fixes gin-gonic/gin#3362
fixes gin-gonic/gin#2581
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(yaml): upgrade dependency to v3 version thinkerou/gin
1 participant
@ec-porika