[
https://issues.apache.org/jira/browse/CASSANDRA-18083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641422#comment-17641422
]
Brandon Williams commented on CASSANDRA-18083:
--
3.0 also has (for snakeyaml):
https://nvd.nist.gov/vuln/detail/CVE-2022-38752
https://nvd.nist.gov/vuln/detail/CVE-2022-38751
https://nvd.nist.gov/vuln/detail/CVE-2022-38750
https://nvd.nist.gov/vuln/detail/CVE-2022-41854
https://nvd.nist.gov/vuln/detail/CVE-2022-25857
https://nvd.nist.gov/vuln/detail/CVE-2022-38749
which are all also about parsing untrusted files resulting in a DoS, a scenario
that is not relevant to Apache Cassandra, and these are already suppressed in
3.11 and up.
||Branch||Circle||
|[3.0|https://github.com/driftx/cassandra/tree/CASSANDRA-18083-3.0]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/708/workflows/1868a814-1682-4e7b-8d7f-5662d45b516b]|
|[3.11|https://github.com/driftx/cassandra/tree/CASSANDRA-18083-3.11]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/706/workflows/b1fe40aa-2683-42cd-b8d4-4626b9694796]|
|[4.0|https://github.com/driftx/cassandra/tree/CASSANDRA-18083-4.0]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/705/workflows/3b65caca-fa1a-4003-b7b0-45011abaf88a], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/705/workflows/3b65caca-fa1a-4003-b7b0-45011abaf88a]|
|[4.1|https://github.com/driftx/cassandra/tree/CASSANDRA-18083-4.1]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/709/workflows/75af59b5-f999-4ca7-84a0-ff40622de955], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/709/workflows/c7f2cde8-44c4-4a6a-af44-1952b4b5f8af]|
|[trunk|https://github.com/driftx/cassandra/tree/CASSANDRA-18083-trunk]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/707/workflows/ba4212f2-1654-4902-9f63-e0e0643f9cd6], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/707/workflows/789cc3a6-e7ad-4432-b435-ba3584c553c1]|
> snakeyaml-1.26.jar: CVE-2022-41854
> --
>
> Key: CASSANDRA-18083
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18083
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 4.x
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2022-41854