Closed henson-to-partior closed 1 year ago
Our image is using Tessera 22.10.1 and during our Trivy Scan it generated a bug report
Package: org.yaml:snakeyaml Installed Version: 1.33 Vulnerability: CVE-2022-1471 Severity: CRITICAL Fixed Version: 2.0 Link: [CVE-2022-1471](https://avd.aquasec.com/nvd/cve-2022-1471) Impacted artifact(s): tessera/lib/snakeyaml-1.33.jar (from Line: 1 to 1)
I did a git pull of the latest Tessera build (23.4) just now and saw that it is still using snakeyaml 1.33.
I did a grep and saw that the CVE was actually added to the ignore list. Would it be possible to get a reason for this, as I wasn't able to see why this was classified as a false positive?
https://github.com/ConsenSys/tessera/pull/1512