There is a vulnerability in SnakeYAML 1.14 ,upgrade recommended #1849

QiAnXinCodeSafe · 2020-09-30T08:13:33Z

Lines 89 to 93 in 569a4c2

    
           <dependency> 
        
             <groupId>org.yaml</groupId> 
        
             <artifactId>snakeyaml</artifactId> 
        
             <version>1.14</version> 
        
           </dependency>

CVE-2017-18640

Recommended upgrade version：1.27

Fixes #1849 PiperOrigin-RevId: 334609302

Fixes google#1849 PiperOrigin-RevId: 334636382

copybara-service bot mentioned this issue Sep 30, 2020

Upgrade SnakeYAML to 1.27. #1850

Merged

copybara-service bot pushed a commit that referenced this issue Sep 30, 2020

Upgrade SnakeYAML to 1.27.

b77fb21

Fixes #1849 PiperOrigin-RevId: 334609302

eaftan self-assigned this Sep 30, 2020

copybara-service bot pushed a commit that referenced this issue Sep 30, 2020

Upgrade SnakeYAML to 1.27.

1755aad

Fixes #1849 PiperOrigin-RevId: 334609302

copybara-service bot closed this as completed in 489e21c Sep 30, 2020

copybara-service bot closed this as completed in #1850 Sep 30, 2020

stevie400 pushed a commit to HubSpot/error-prone that referenced this issue Jan 15, 2021

Upgrade SnakeYAML to 1.27.

dbbb332

Fixes google#1849 PiperOrigin-RevId: 334636382

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is a vulnerability in SnakeYAML 1.14 ,upgrade recommended #1849

There is a vulnerability in SnakeYAML 1.14 ,upgrade recommended #1849

QiAnXinCodeSafe commented Sep 30, 2020

There is a vulnerability in SnakeYAML 1.14 ,upgrade recommended #1849

There is a vulnerability in SnakeYAML 1.14 ,upgrade recommended #1849

Comments

QiAnXinCodeSafe commented Sep 30, 2020