Phil Zampino created KNOX-1194:
----------------------------------

             Summary: AdminUI should use safe versions of YAML load and dump 
methods.
                 Key: KNOX-1194
                 URL: https://issues.apache.org/jira/browse/KNOX-1194
             Project: Apache Knox
          Issue Type: Bug
          Components: AdminUI
    Affects Versions: 1.1.0
            Reporter: Phil Zampino
            Assignee: Phil Zampino
             Fix For: 1.1.0


The AdminUI currently user js-yaml methods load and dump. It should be using 
safeLoad and safeDump to limit the risks associated with handling untrusted 
YAML.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to