Details
- Fix
- Status: Released
- Minor
- Resolution: Fixed
- 2.4.0
- None
- None
- CVE-2022-25857
Description
Current Situation
JS7 JOC uses snakeyaml 1.30.
A vulnerability affects this version.
We rate the vulnerability as LOW as our software uses snakeyaml only for anonymization of logfiles and does not use snakeyaml in ways in which executable code could be maliciously injected. Any depth of rules not matching our implementation's expectation will be ignored and will not result in DoS (Denial of Service).
See CVE-2022-25857
Desired Behaviour
JS7 JOC should use the latest version 1.31 of snakeyaml.
Issue Links
- relates to JOC-1394 Update snakeyaml to 1.32 due to 3rd party vulnerability CVE-2022-38752 (Released)