thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Security vulnerabilities in SnakeYAML In Reaper (CVE-2022-1471) #1334

Open vchauhan81 opened 1 year ago

vchauhan81 commented 1 year ago


We are using cassandra-reaper version 3.3.1 in our product. Recently we did a Black Duck security scan and the following issue was reported for Reaper.

Component name - SnakeYAML
Component version name - 1.29
CVE - CVE-2022-1471 (BDSA-2022-3447)
CVSS - 9.8 (Critical)

Can you please help us confirm:

whether version 3.3.1 is vulnerable to this CVE? If yes, in which version will the fix be available?


jeetnal01 commented 5 months ago

Can you please help with above query?

adejanovski commented 5 months ago

We're currently working on upgrading our dependencies to fix some CVEs. Note that Reaper isn't vulnerable to this CVE.
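Whether an application is exposed to CVE-2022-1471 depends on how it constructs its `Yaml` loader, not only on the SnakeYAML version on the classpath: the issue is the default `Constructor`, which honours global (`!!`) tags and instantiates the JVM class they name, whereas `SafeConstructor` only builds standard YAML types. The snippet below is an added illustration of that difference, written for this thread; it is not Reaper's code and says nothing about how Reaper itself loads YAML. It assumes a SnakeYAML release that has the `LoaderOptions`-taking constructors (1.31 or later, or 2.x), and the two YAML documents are constructed samples.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class YamlLoaderCheck {
    // Constructed sample: an ordinary configuration document (field names are illustrative).
    static final String PLAIN = "repairIntensity: 0.9\nsegmentCount: 16\n";

    // Constructed sample standing in for untrusted input: a global tag naming a JVM class.
    // java.util.Date is used only because it is harmless; the point is whether the loader
    // instantiates tagged classes at all.
    static final String TAGGED = "value: !!java.util.Date {}\n";

    // Legacy pattern: an explicit Constructor (the 1.x default behind new Yaml()),
    // which resolves global tags to classes.
    static Object loadWithConstructor(String doc) {
        return new Yaml(new Constructor(new LoaderOptions())).load(doc);
    }

    // Hardened pattern: SafeConstructor builds only maps, lists and scalars and
    // throws a YAMLException (ConstructorException) for any unknown tag.
    static Object loadSafe(String doc) {
        return new Yaml(new SafeConstructor(new LoaderOptions())).load(doc);
    }

    public static void main(String[] args) {
        // Plain configuration loads identically with both loaders.
        System.out.println("safe loader, plain doc:   " + loadSafe(PLAIN));
        System.out.println("legacy loader, plain doc: " + loadWithConstructor(PLAIN));

        // The legacy loader turns the tagged value into a java.util.Date instance ...
        System.out.println("legacy loader, tagged doc: " + loadWithConstructor(TAGGED));

        // ... while SafeConstructor refuses to construct it.
        try {
            loadSafe(TAGGED);
            System.out.println("safe loader instantiated a tagged class (unexpected)");
        } catch (YAMLException e) {
            System.out.println("safe loader rejected the tagged class: " + e.getMessage());
        }
    }
}
```

When reviewing a scanner finding like the one above, the useful checks are therefore (a) which SnakeYAML version the build actually resolves (for a Maven project, `mvn dependency:tree -Dincludes=org.yaml:snakeyaml`) and (b) whether any code path feeds YAML from an untrusted source into a loader built on `Constructor` rather than `SafeConstructor`.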

jeetnal01 commented 3 months ago

Thanks for the updates. Can you please help us know when the other CVEs will be fixed, and provide a list of them?