[jira] [Commented] (TINKERPOP-2894) Need upgrade to snakeyaml 1.3.4 or later

Jim Foscue (Jira) Mon, 13 Mar 2023 11:09:07 -0700


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17699778#comment-17699778
 ]


Jim Foscue commented on TINKERPOP-2894:
---------------------------------------

Duplicate of #2902.

> Need upgrade to snakeyaml 1.3.4 or later
> ----------------------------------------
>
>                 Key: TINKERPOP-2894
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2894
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.6.2
>            Reporter: Jim Foscue
>            Priority: Major
>              Labels: Ironbank
>
> snakeyaml-1.3.2 is causing the following vulerability...
> SnakeYaml Constructor Deserialization Remote Code Execution
> [https://github.com/advisories/GHSA-mjmj-j48q-9wg2]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TINKERPOP-2894) Need upgrade to snakeyaml 1.3.4 or later

Reply via email to