envoyproxy/envoy

Audit YAML parsing code path

Open

#9.039 geöffnet am 15. Nov. 2019

Auf GitHub ansehen
 (1 Kommentar) (0 Reaktionen) (0 zugewiesene Personen)C++ (5.373 Forks)batch import
area/securityhelp wantedtech debt

Repository-Metriken

Stars
 (27.997 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)

Beschreibung

The YAML parser we're using are not robust to untrust input, it should only be used to parse local file. We should add some basic limitation in the code base to prevent it happening.

Contributor Guide