confluentinc / confluent-docker-utils

Common Python utils for testing Confluent's Docker images
Apache License 2.0

CVE-2022-1471 #59

Closed pranayk01 closed 1 year ago

pranayk01 commented 1 year ago

This vulnerability (CVE-2022-1471) is reported as 'Critical' in Anchore and Twistlock scans. Can the 'snakeyaml' package be updated to the 2.0 version?

janjwerner-confluent commented 1 year ago

@pranayk01 Thank you for raising this issue. We are planning to address this issue in the upcoming quarterly release. As for the severity of this flaw, the Confluent Application Security team has reviewed the use of SnakeYaml and confirmed that the vulnerability is not exploitable in the context of the Confluent Platform.
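For readers assessing the same finding in their own code: CVE-2022-1471 concerns SnakeYAML's default `Constructor`, which resolves global tags in a YAML document to Java classes and instantiates them. The mitigation that does not depend on a version bump is to load untrusted input through `SafeConstructor`, which only builds the standard YAML types. The following is an added illustration, not code from confluent-docker-utils or from Confluent; it assumes SnakeYAML 2.x on the classpath, and the class name `SafeYamlLoad`, the helpers `safeLoader` and `loadConfig`, and both sample documents are constructed for this example.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;

// Added illustration, not code from confluent-docker-utils. Assumes SnakeYAML 2.x.
public class SafeYamlLoad {

    // Build a loader that only constructs standard YAML types (maps, lists, scalars).
    // SafeConstructor never maps a global tag such as !!some.java.Class to a Java
    // class, which is the behaviour of the 1.x default Constructor that CVE-2022-1471 covers.
    static Yaml safeLoader() {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);      // reject ambiguous documents
        options.setMaxAliasesForCollections(50);   // bound alias expansion (resource exhaustion)
        return new Yaml(new SafeConstructor(options));
    }

    // Parse an untrusted document and insist on a mapping at the top level.
    @SuppressWarnings("unchecked")
    static Map<String, Object> loadConfig(String untrustedYaml) {
        Object doc = safeLoader().load(untrustedYaml);
        if (!(doc instanceof Map)) {
            throw new IllegalArgumentException("expected a mapping at top level");
        }
        return (Map<String, Object>) doc;
    }

    public static void main(String[] args) {
        // Constructed sample: an ordinary configuration document.
        String benign = "broker:\n  host: kafka.example.internal\n  port: 9092\n";
        System.out.println(loadConfig(benign));

        // Constructed sample: a document that asks the loader to instantiate a Java class by tag.
        String tagged = "broker: !!java.util.HashMap {host: kafka}\n";
        try {
            loadConfig(tagged);
        } catch (YAMLException e) {
            // SafeConstructor has no constructor registered for the tag, so it refuses
            // the document instead of instantiating the named class.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile against SnakeYAML 2.x and run `java SafeYamlLoad`: the first document loads as a nested map, the second is rejected with a `ConstructorException` (a `YAMLException` subclass). The same `SafeConstructor` pattern works on 1.33 with the `LoaderOptions` argument, so a code base can adopt it before the dependency upgrade the issue requests.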