[TINKERPOP-2894] Need upgrade to snakeyaml 1.3.4 or later - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: 3.6.2
Fix Version/s: None
Component/s: server
Labels:
- Ironbank

Description

snakeyaml-1.3.2 is causing the following vulerability...

SnakeYaml Constructor Deserialization Remote Code Execution

https://github.com/advisories/GHSA-mjmj-j48q-9wg2

Attachments

Issue Links

duplicates

TINKERPOP-2902 Critical security vulnerability in snakeyaml

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Jim Foscue

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/Mar/23 20:42

Updated:: 13/Mar/23 18:09

Resolved:: 13/Mar/23 18:09