
SAST flagged: Format strings can be influenced by an attacker #287

@ps-vm

Description

Please help prevent duplicate issues before submitting a new one:

  • [x] I've searched other open/closed issues for duplicates before opening up this new issue.

Report

Our SAST report picked up a high vulnerability within this library

  • "If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134)."

What did you do?

Configured SAST to run within GitLab pipelines for our iOS project.

What did you expect to happen?

No high vulnerabilities

What happened instead?

Three high vulnerabilities related to this library have been flagged, two of which are in the cmark/config.h file.
We're on the latest version of this library and need to be able to reduce all critical and high vulnerabilities in order to ensure we're releasing secure products.
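The finding quoted in the report is flawfinder's generic CWE-134 rule, which fires on any sprintf-family call whose format argument is not a string literal. The following is an added editorial example, not code from cmark, from its config.h, or from this report, showing what the rule is looking for and the check a triager applies: the vulnerable shape (caller-supplied string passed as the format) beside the hardened shape (literal format, user text passed as data), plus a truncation check for the termination caveat the message mentions. The function names `render_unsafe`, `render_safe` and `render_safe_checked`, the pragma that lets the deliberately bad call compile, and the sample inputs are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define LINE_CAP 16

/* VULNERABLE pattern (what the SAST rule matches): the caller-supplied string
 * is the *format*.  Every '%' in it is parsed as a conversion, so an attacker
 * string such as "%x %x %n" would read varargs that were never passed and,
 * via %n, write to memory.  The demo below calls it only with "%%", which is
 * defined behaviour, so the output stays deterministic.  Modern compilers
 * flag this too (-Wformat-security); the pragma exists only so the bad
 * pattern can be shown compiling, never copy it into real code. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int render_unsafe(char *out, size_t cap, const char *user)
{
    return snprintf(out, cap, user);          /* format comes from the caller */
}
#pragma GCC diagnostic pop

/* HARDENED: the format is a string literal.  The user text is consumed by
 * "%s" as data and copied verbatim, '%' characters included. */
static int render_safe(char *out, size_t cap, const char *user)
{
    return snprintf(out, cap, "%s", user);
}

/* Truncation check for the termination caveat.  C99 snprintf always writes
 * the terminating '\0' when cap > 0 and returns the length the full output
 * would have had, so ret >= cap means the result was cut short.  Older and
 * vendor variants in the same family (e.g. MSVC's _snprintf) may leave the
 * buffer unterminated on truncation, which is why the rule names the whole
 * family and why the return value must be checked rather than ignored.
 * Returns true when the text fit, false when it was truncated or on error. */
static bool render_safe_checked(char *out, size_t cap, const char *user)
{
    int ret = render_safe(out, cap, user);
    if (ret < 0) {                            /* encoding error: leave "" */
        if (cap > 0) out[0] = '\0';
        return false;
    }
    return (size_t)ret < cap;
}

int main(void)
{
    char buf[LINE_CAP];
    const char *sample = "rate 100%% ok";     /* constructed sample input */

    render_unsafe(buf, sizeof buf, sample);
    printf("unsafe: %s\n", buf);              /* "%%" collapsed: input was parsed */

    render_safe(buf, sizeof buf, sample);
    printf("safe:   %s\n", buf);              /* "%%" kept: input was data */

    bool fits = render_safe_checked(buf, sizeof buf,
                                    "this line is longer than the buffer");
    printf("fits=%d buf=\"%s\" len=%zu\n", fits, buf, strlen(buf));
    return 0;
}
```

Triaging the reported finding therefore comes down to one question per flagged call: is the format argument a literal (or a macro that expands to one), and is the return value of the sprintf-family call checked for truncation? If both hold, the finding is a false positive for CWE-134 and can be marked as such with that justification.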
