[jira] [Updated] (TINKERPOP-2894) Need upgrade to snakeyaml 1.3.4 or later

Jim Foscue (Jira) Thu, 09 Mar 2023 12:44:04 -0800


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jim Foscue updated TINKERPOP-2894:
----------------------------------
    Description: 
snakeyaml-1.3.2 is causing the following vulerability...

SnakeYaml Constructor Deserialization Remote Code Execution

[https://github.com/advisories/GHSA-mjmj-j48q-9wg2]

  was:
snakeyaml-1.3.2 is causing the following vulerability...

https://github.com/advisories/GHSA-mjmj-j48q-9wg2

         Labels: Ironbank  (was: )

> Need upgrade to snakeyaml 1.3.4 or later
> ----------------------------------------
>
>                 Key: TINKERPOP-2894
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2894
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.6.2
>            Reporter: Jim Foscue
>            Priority: Major
>              Labels: Ironbank
>
> snakeyaml-1.3.2 is causing the following vulerability...
> SnakeYaml Constructor Deserialization Remote Code Execution
> [https://github.com/advisories/GHSA-mjmj-j48q-9wg2]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (TINKERPOP-2894) Need upgrade to snakeyaml 1.3.4 or later

Reply via email to