  1. JOC - JobScheduler Operations Center
  2. JOC-1511

Update snakeyaml to 2.0 due to 3rd party vulnerability CVE-2022-1471

Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 2.5.2
    • 2.5.3, 2.6.0
    • None
    • None
    • CVE-2022-1471

    Description

      Current Situation

      JS7 JOC uses snakeyaml 1.33.

      A vulnerability affects this version.

      We rate the vulnerability as LOW as our software uses snakeyaml only for anonymization of log files and does not use snakeyaml in ways in which executable code could be maliciously injected. Any depth of rules not matching our implementation's expectation will be ignored and will not result in DoS (Denial of Service).

      See CVE-2022-1471

      Desired Behaviour

      JS7 JOC should use the latest version 2.0 of snakeyaml.

          People

            Santiago Aucejo Petzoldt
            Ajay Kumbhkar