hazelcast / hazelcast-jet

Distributed Stream and Batch Processing
https://jet-start.sh

Vulnerabilities in snakeyaml used by Jet #3128

Open olukas opened 1 year ago

olukas commented 1 year ago

Jet elasticsearch uses snakeyaml in version 1.33, which includes the following vulnerability:

The same CVE is in jmx_prometheus_javaagent-0.16.1.jar (shaded: org.yaml:snakeyaml:1.29).

TomaszGaweda commented 1 year ago

There is no fix possible in 4.5.4 - all versions contain at least one high prio vulnerability, no fix available.