Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
Security
-
Normal
-
Normal
-
User Report
-
All
-
None
-
Description
The OWASP scan is reporting these for both snakeyaml-1.11 and snakeyaml-1.26.
These are similar to CASSANDRA-17907 in that they require access to the yaml to have any effect.
Attachments
Issue Links
- is duplicated by
-
CASSANDRA-19141 Security vulnerabilities in SnakeYAML In Cassandra (CVE-2022-1471)
- Resolved
-
CASSANDRA-20094 snakeyaml1.26 still exists in apache-cassandra-5.0.2
- Resolved
- relates to
-
CASSANDRA-18150 Prefer snakeyaml's SafeConstructor over Constructor
- Resolved
- requires
-
CASSANDRA-18150 Prefer snakeyaml's SafeConstructor over Constructor
- Resolved