[
https://issues.apache.org/jira/browse/CASSANDRA-18083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641394#comment-17641394
]
Brandon Williams commented on CASSANDRA-18083:
----------------------------------------------
bq. Those using Snakeyaml to parse untrusted YAML files may be vulnerable to
Denial of Service attacks (DOS). If the parser is running on user supplied
input, an attacker may supply content that causes the parser to crash by stack
overflow.
I don't think we need to worry about this, similar to CASSANDRA-17907.
> snakeyaml-1.26.jar: CVE-2022-41854
> ----------------------------------
>
> Key: CASSANDRA-18083
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18083
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 4.x
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2022-41854
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
