Project

General

Profile

Actions

Bug #22983

closed

Snake-yaml dependency in zio-json is subjected to CVE

Added by François ARMAND over 1 year ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Architecture - Code maintenance
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

zio-json-yaml comes with snakeyaml 1.33, which is subjected to cve-2022-1471 (https://www.veracode.com/blog/research/resolving-cve-2022-1471-snakeyaml-20-release-0)

We can use version 2.0 to correct the problem, what we tried to tell maven to do, but failed to.

Actions

Also available in: Atom PDF