[jira] [Closed] (TINKERPOP-2894) Need upgrade to snakeyaml 1.3.4 or later

Jim Foscue (Jira) Mon, 13 Mar 2023 11:11:04 -0700


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jim Foscue closed TINKERPOP-2894.
---------------------------------
    Resolution: Duplicate

> Need upgrade to snakeyaml 1.3.4 or later
> ----------------------------------------
>
>                 Key: TINKERPOP-2894
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2894
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.6.2
>            Reporter: Jim Foscue
>            Priority: Major
>              Labels: Ironbank
>
> snakeyaml-1.3.2 is causing the following vulerability...
> SnakeYaml Constructor Deserialization Remote Code Execution
> [https://github.com/advisories/GHSA-mjmj-j48q-9wg2]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (TINKERPOP-2894) Need upgrade to snakeyaml 1.3.4 or later

Reply via email to