CVSS v3.x: 8.8 (High)
- >= 2.0.2
A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML.
The problem has been patched in opensearch-ruby gem version 2.0.2.
No viable workaround. Please upgrade to 2.0.2