Incorrect vulnerability details - SnakeYAML CVE-2022-38751 (affected versions)

OSSIndex / vulns

Report missing advisories and corrections on OSS Index

17 stars 12 forks source link

Incorrect vulnerability details - SnakeYAML CVE-2022-38751 (affected versions) #327

Closed chadlwilson closed 1 year ago

chadlwilson commented 1 year ago

Vulnerability URL https://ossindex.sonatype.org/vulnerability/CVE-2022-38751?component-type=maven&component-name=org.yaml%2Fsnakeyaml

Component URL https://ossindex.sonatype.org/component/pkg:maven/org.yaml/snakeyaml

Description According to both the developers and NIST, this CVE was fixed in SnakeYAML 1.31, but is still being reported against it by OSSINDEX.

https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
https://nvd.nist.gov/vuln/detail/CVE-2022-38751

chadlwilson commented 1 year ago

Related to #328

chadlwilson commented 1 year ago

This is now marked as fixed in 1.32 by OSSIndex, so closing this one. (technically I think it was fixed in 1.31 but this is probably close enough....)