DiUS / java-faker

Brings the popular ruby faker gem to Java
http://dius.github.io/java-faker

vulnerabilities in dependency: snakeyaml #697

Open BeBitbox opened 2 years ago

BeBitbox commented 2 years ago

There is a critical vulnerability in the library snakeYAML: https://mvnrepository.com/artifact/org.yaml/snakeyaml

Update to a version +1.26.

Proposed solution:

```xml
<dependency>
    <groupId>org.yaml</groupId>
    <artifactId>snakeyaml</artifactId>
    <version>1.30</version>
</dependency>
```

bodiam commented 2 years ago

Absolutely correct. We've created a port of Javafaker, called https://www.datafaker.net, which doesn't have this issue (we fixed the CVE, and removed most other dependencies). It's a direct replacement with the same API, but actively maintained, no CVEs, 10-30% faster, etc.