frantuma
commented
10 months ago 2.1.8 and current swagger-parser uses SnakeYaml 2.2, which is not affected by the mentioned vulnerability. Please verify that your tooling is providing correct result and targeting the right version, and please close ticket if the above is correct
Out project reports the following CVE when we use latest
io.swagger.parser.v3:swagger-parser:2.1.18https://nvd.nist.gov/vuln/detail/CVE-2022-1471Is it possible to move to SnakeYaml v2 to resolve this CVE?