Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-18149

snakeyaml vulnerabilities: CVE-2021-4235, CVE-2022-1471, CVE-2022-3064

    XMLWordPrintableJSON

Details

    Description

      The OWASP scan is reporting these for both snakeyaml-1.11 and snakeyaml-1.26.

      These are similar to CASSANDRA-17907 in that they require access to the yaml to have any effect.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CASSANDRA-19141 Security vulnerabilities in SnakeYAML In Cassandra (CVE-2022-1471)

          • Urgent - This issue should block release until it is resolved, and trigger immediate release once resolved.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CASSANDRA-20094 snakeyaml1.26 still exists in apache-cassandra-5.0.2

          • Urgent - This issue should block release until it is resolved, and trigger immediate release once resolved.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-18150 Prefer snakeyaml's SafeConstructor over Constructor

          • Normal -
          • Resolved
          requires

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-18150 Prefer snakeyaml's SafeConstructor over Constructor

          • Normal -
          • Resolved

          Activity

            People

              brandon.williams Brandon Williams
              brandon.williams Brandon Williams
              Brandon Williams
              Berenguer Blasi
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: