Skip to content
This repository has been archived by the owner on Jul 10, 2024. It is now read-only.

There is a vulnerability in SnakeYAML 1.16,upgrade recommended #478

Open
QiAnXinCodeSafe opened this issue Dec 9, 2020 · 0 comments
Open

There is a vulnerability in SnakeYAML 1.16,upgrade recommended #478

QiAnXinCodeSafe opened this issue Dec 9, 2020 · 0 comments
Labels
dependencies Pull requests that update a dependency file

Comments

@QiAnXinCodeSafe
Copy link

submarine/pom.xml

Line 100 in 3041ef2

<snakeyaml.version>1.16</snakeyaml.version>

CVE-2017-18640

Recommended upgrade version:

1.26
@jiwq jiwq added the dependencies Pull requests that update a dependency file label Dec 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jiwq @QiAnXinCodeSafe