Cassandra / CASSANDRA-16150

Upgrade to snakeyaml >= 1.26 version for CVE-2017-18640 fix

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Fix Version/s: 4.0-beta3, 4.0
    • Component/s: Dependencies
    • Labels:
      None

      Description

      A critical-level CVE (CVE-2017-18640) has been discovered in snakeyaml versions earlier than 1.26. It has been patched in snakeyaml version 1.26.

      Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-18640

      This card is expected to upgrade the snakeyaml version to 1.26.

              People

              • Assignee:
                crazylab Rahul Nandi
                Reporter:
                crazylab Rahul Nandi
                Authors:
                Rahul Nandi
                Reviewers:
                Alex Petrov, David Capwell
              • Votes:
                0
                Watchers:
                4
