Uncontrolled recursion leads to abort in deserialization #2506
Comments
|
Duplicate of #1569. Hello, you marked that you searched other issues. Can you please explain how you did not find this one? |
I was able to find it earlier and somehow it looked to me that it would be fixed by clap 2.33.3, maybe I misread then.. But even after following #1569 I am not able to understand how to fix this problem. Do I understand correctly that it is only fixed for clap 3 onwards and not for 2.33.* ? Thanks. |
Ahh, I was able to get over it. Thanks. clap = { version = "3.0.0-beta.2", features = ["yaml"] } |
Please complete the following tasks
Rust Version
rustc 1.52.1 (9bc8c42bb 2021-05-09)
Clap Version
v2.33.3
Minimal reproducible code
Steps to reproduce the bug with the above code
Have this dependency in Carto.toml
clap = { version = "2.33.3", features = ["yaml"] }
and do:
$ cargo audit -q
Actual Behaviour
$ cargo audit -q
Crate: yaml-rust
Version: 0.3.5
Title: Uncontrolled recursion leads to abort in deserialization
Date: 2018-09-17
ID: RUSTSEC-2018-0006
URL: https://rustsec.org/advisories/RUSTSEC-2018-0006
Solution: Upgrade to >=0.4.1
Dependency tree:
yaml-rust 0.3.5
└── clap 2.33.3
└── vhost-device-i2c 0.1.0
error: 1 vulnerability found!
Expected Behaviour
No errors
Additional Context
https://buildkite.com/rust-vmm/vhost-device-ci/builds/13#c50950ee-b2cb-4726-896a-fe2ac287ad79
Link to the issue.
Debug Output
No response
The text was updated successfully, but these errors were encountered: