Project: JOC - JobScheduler Operations Center
Issue: JOC-1394

Update snakeyaml to 1.32 due to 3rd party vulnerability CVE-2022-38752


Details

    • Type: Fix
    • Status: Released
    • Priority: Minor
    • Resolution: Fixed
    • Versions: 2.4.1, 2.5.0
    • CVE-2022-38752

    Description

      Current Situation

      JS7 JOC uses snakeyaml 1.30.

      A vulnerability affects this version.

      We rate the vulnerability as LOW because our software uses snakeyaml only for the anonymization of log files and does not use snakeyaml in any way that would allow executable code to be injected. Any nesting depth of rules that does not match what our implementation expects is ignored and does not result in a DoS (Denial of Service).

      See CVE-2022-38752

      Desired Behaviour

      JS7 JOC should use the latest version 1.32 of snakeyaml.
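      The following is an added example, not code from the JOC project, showing the defensive way to load a rules file with snakeyaml 1.32: the release that fixes CVE-2022-38752 introduces a nesting-depth limit in LoaderOptions, so a maliciously deep document is rejected with a YAMLException instead of exhausting the stack. It assumes snakeyaml 1.32 on the classpath and the limit value (20) is an arbitrary choice for the demonstration.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoad {

    // Constructed input: a flow sequence nested far deeper than any
    // legitimate anonymization rules file would ever need.
    static String deeplyNested(int depth) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    // Loader hardened for untrusted or semi-trusted input (assumed settings;
    // snakeyaml 1.32 applies a default nesting limit of 50 even without this).
    static Yaml hardenedLoader() {
        LoaderOptions opts = new LoaderOptions();
        opts.setNestingDepthLimit(20);        // reject documents nested deeper than 20
        opts.setAllowDuplicateKeys(false);    // surface ambiguous rule files early
        opts.setMaxAliasesForCollections(50); // also caps alias expansion
        return new Yaml(opts);
    }

    public static void main(String[] args) {
        Yaml yaml = hardenedLoader();

        // A shallow document loads normally.
        Object ok = yaml.load(deeplyNested(10));
        System.out.println("depth 10 loaded as " + ok.getClass().getSimpleName());

        // A pathologically deep document is refused before the recursive
        // composer can overflow the stack (pre-1.32 this was a StackOverflowError).
        try {
            yaml.load(deeplyNested(10_000));
            System.out.println("unexpected: deep document accepted");
        } catch (YAMLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```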

      People: Santiago Aucejo Petzoldt, Kanika Agrawal