supply-chain-check

[Linish2020]

No description provided.

[semgrep-code-pov]

Risk: PyYAML before 5.4 is vulnerable to remote code injection. Use yaml.safe_load or Loader=SafeLoader, or upgrade to PyYAML 5.4.

Fix: Upgrade this library to at least version 5.4 at pygoat/requirements.txt:27.

Reference(s): GHSA-8q59-q68h-6hv4, CVE-2020-14343

_{💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-decb291c-6853-46cb-8684-af4c9788fad2.}

[semgrep-code-pov]

Risk: pyyaml before 5.3.1 is vulnerable to remote code injection. Use yaml.safe_load or Loader=SafeLoader, or upgrade to pyyaml 5.3.1.

Fix: Upgrade this library to at least version 5.3.1 at pygoat/requirements.txt:27.

Reference(s): GHSA-6757-jp84-gxfx, CVE-2020-1747

_{💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-86f1612b-2f3e-44af-ab0a-b6be01580ba9.}

[semgrep-code-pov]

Risk: pyyaml before 5.2 is vulnerable to OS command injection via deserialization of untrusted data. Use yaml.safe_load or Loader=SafeLoader, or upgrade to pyyaml 5.2.

Fix: Upgrade this library to at least version 5.2 at pygoat/requirements.txt:27.

Reference(s): GHSA-3pqx-4fqf-j49f, CVE-2019-20477

_{💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-efd016fa-8c38-4e68-abff-32484b95992a.}

[sonarqubecloud]

Quality Gate failed

Failed conditions
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE