CVE-2022-1471 - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization
Issue #563
wontfix
A new vulnerability in SnakeYaml was reported on 2022-12-01 as CVE-2022-1471.
This is the NVD link: https://nvd.nist.gov/vuln/detail/CVE-2022-1471.
More information can be found in the google/security-research project security post.
Can anybody kindly have a look?
Thank you.
Comments (5)
-
It looks like these issues should never be closed: immediately after it is closed, it is re-created.
-
reporter Sorry, I didn’t notice this one.
https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in
I will close the ticket.
-
reporter - changed status to wontfix