  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/radargun-plugin
  Commit: 63aba3b31d1a8ea140f26923eb48a25ef7f87e87
      https://github.com/jenkinsci/radargun-plugin/commit/63aba3b31d1a8ea140f26923eb48a25ef7f87e87
  Author: Vojtech Juranek <vojtech.jura...@gmail.com>
  Date:   2020-02-06 (Thu, 06 Feb 2020)

  Changed paths:
    M src/main/java/org/jenkinsci/plugins/radargun/yaml/YamlNodeConfigParser.java

  Log Message:
  -----------
  [SECURITY-1733] Use safe Yaml parser constructor

We don't do any checks of what the YAML config provided by the user contains, so it can also contain random java code, resulting in remote code execution after loading. To prevent it, use the snakeyaml SafeConstructor, which allows loading only standard java objects.
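
Added example, not code from this commit or from the radargun-plugin: a self-contained check that a SnakeYAML loader built with SafeConstructor accepts a plain configuration and refuses a document carrying a Java type tag. It assumes SnakeYAML 1.x on the classpath; the class name, the sample YAML keys and com.example.HypotheticalBean are constructed for illustration and are not the plugin's schema.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;

public class SafeYamlLoadExample {

    // Constructed sample: plain maps, lists and scalars only.
    static final String PLAIN_CONFIG =
            "nodes:\n" +
            "  - name: node01\n" +
            "    heap: 1g\n";

    // Constructed sample: a global tag asking the parser to instantiate a
    // (hypothetical) application class instead of a standard collection.
    static final String TAGGED_CONFIG =
            "nodes: !!com.example.HypotheticalBean\n" +
            "  name: node01\n";

    // SnakeYAML 1.x form; 2.x requires new SafeConstructor(new LoaderOptions()).
    // Yaml is not thread-safe, so a fresh instance is created per call.
    static Object loadUntrusted(String text) {
        return new Yaml(new SafeConstructor()).load(text);
    }

    // True when the safe loader refuses the document.
    static boolean isRejected(String text) {
        try {
            loadUntrusted(text);
            return false;
        } catch (YAMLException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        Object parsed = loadUntrusted(PLAIN_CONFIG);
        System.out.println("plain config is a Map: " + (parsed instanceof Map));
        System.out.println("tagged config rejected: " + isRejected(TAGGED_CONFIG));
    }
}
```

A check of this shape fits in a unit test next to the parser, so a later change that swaps the constructor back is caught at build time.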