Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-4041

4 CVE Vulnerabilities in snakeyaml-1.30.jar 

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 9.0.0-M8, 8.0.12
    • 9.0.0.RC1, 8.0.13
    • None

    Description

      There are 4 new CVE variabilities in snakeyaml-1.30.jar vulnerable to Denial of Service attacks (DOS)

      CVE-2022-25857

      CVE-2022-38749

      CVE-2022-38750

      CVE-2022-38751

       

      Attachments

        Issue Links

          is related to

          Dependency upgrade - Upgrading a dependency to a newer version TOMEE-4042 Jackson 2.13.4

          • Major - Major loss of function.
          • Resolved

          Dependency upgrade - Upgrading a dependency to a newer version TOMEE-4044 Snakeyaml 1.32

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              rzo1 Richard Zowalla
              9177012889 Yugandher reddy vonteddu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: