https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell
Great article! Makes me wonder about the design goals of YAML. I'm guessing unambiguous was not on the list.
Just noticed that our nvd scan on clj-yaml was failing due to a bug in the scanner. Bumped and it is running again.
And... it is reporting CVE-2022-3064, CVE-2021-4235 against snakeyaml.
https://nvd.nist.gov/vuln/detail/CVE-2021-4235 seems like a false positive, I don't see snakeyaml listed.
Can someone else double-check the above to make sure I'm not missing something? If not, I can add these to the ignore list.
I can second they're FPs. Happy the bump worked!
Thanks @vemv, and thank you also for the nvd-clojure fix!
We’re also having false positives at work ATM.