  1. Apache Cassandra
  2. CASSANDRA-18150

Prefer snakeyaml's SafeConstructor over Constructor

Details

    Description

      CVE-2022-1471 allows RCE through the Constructor class. While this isn't a concern since yaml is only used for configuration, it is simple enough to switch to SafeConstructor and harden the server a little more.

            People

              brandon.williams Brandon Williams
              brandon.williams Brandon Williams
              Brandon Williams
              Berenguer Blasi
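
The switch the description proposes, shown as an added example (not code from the Cassandra project or from this issue): a SnakeYAML loader built on `SafeConstructor` parses plain configuration but refuses a document that names a Java class through a `!!` tag. The class name `SafeYamlDemo`, the helper names, and both sample documents are constructed for illustration, and the example assumes a SnakeYAML release that provides the `SafeConstructor(LoaderOptions)` constructor.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlDemo {
    // Constructed sample inputs, not taken from Cassandra's configuration.
    static final String PLAIN = "cluster_name: demo\nnum_tokens: 16\n";
    // A "!!" global tag names a Java class to instantiate. A harmless JDK class
    // stands in here for whatever type an untrusted document might name.
    static final String TYPED =
        "counter: !!java.util.concurrent.atomic.AtomicInteger [7]\n";

    static Yaml safeYaml() {
        // SafeConstructor builds only standard YAML types (maps, lists, strings,
        // numbers, booleans, timestamps) and has no handler for class tags.
        return new Yaml(new SafeConstructor(new LoaderOptions()));
    }

    /** Returns the parsed map, or null if the document asks for a non-standard type. */
    static Map<String, Object> loadConfig(String text) {
        try {
            return safeYaml().load(text);
        } catch (YAMLException e) {
            // Log the rejection; a server would normally fail startup here.
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println(loadConfig(PLAIN));  // plain keys and scalars load
        System.out.println(loadConfig(TYPED));  // class tag is refused
    }
}
```

Configuration that must bind to a typed object needs its own mapping step on top of the plain maps this loader returns; the example covers only the rejection of class tags.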