snakeyaml / snakeyaml / issues / #1069 - snake Yaml 1.33 reports CVE-2022-1471 — Bitbucket

Issue #1069 invalid

Harsha Praveen Vaddadi created an issue 2023-06-06

we use snake Yaml 1.33 reports CVE-2022-1471. Kindly let us know when can this issue is fixed in 1.33

Comments (8)

Andrey Somov
Just keep using SnakeYAML 1.33 - it is a false positive
- 2023-06-06T18:36:50+00:00
Andrey Somov
- marked as minor
- marked as task
- assigned issue to
  
  Andrey Somov
- 2023-06-06T18:37:09+00:00
Andrey Somov
- changed status to open
- 2023-06-07T15:11:10+00:00
Harsha Praveen Vaddadi reporter
Could You please lets us know the reason for declaring it as a false positive?
- 2023-06-07T15:16:55+00:00
Andrey Somov
You will find many issues in this tracker to prove it.

Do you use Spring ?
- 2023-06-07T16:37:57+00:00
Harsha Praveen Vaddadi reporter
Yes
- 2023-06-07T22:20:40+00:00
Andrey Somov
https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471
- 2023-06-08T04:47:11+00:00
Andrey Somov
- changed status to invalid
Spring users are not affected
- 2023-06-09T04:39:51+00:00
Log in to comment

Assignee: Andrey Somov

Type: task

Priority: minor

Status: invalid

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!