Open patrickcarnegie opened 6 months ago
https://github.com/hmcmanus/yaml-validator-hook/blob/master/pom.xml#L50
The library org.yaml:snakeyaml version 1.33 is vulnerable to CVE-2022-1471, which exists in versions <= 1.33.
The vulnerability was found in the GitHub Security Advisory with vendor severity: High (NVD severity: Critical).
This vulnerability has a known exploit available. Sources: GitHub [1, 2], Packetstorm.
The vulnerability can be remediated by updating the library to version 2.0.0 or higher.