[TINKERPOP-2796] High severity security vulnerability found in snakeyaml - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.6.1
Fix Version/s: 3.7.0, 3.6.2, 3.5.5
Component/s: console, server
Labels:
None

Description

The package org.yaml:snakeyaml is included in server an console at version 1.27 and is flagged by this high severity security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-25857

The fix is in version ~~1.31~~ 1.32 and later

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Aaron Coady

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Sep/22 11:33

Updated:: 22/Sep/22 16:41

Resolved:: 22/Sep/22 01:02