You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In build.gradle there's a dependency on com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.1 which depends on org.yaml:snakeyaml:1.31 which is vulnerable to CVE-2022-1471, which NIST score as 9.8 CRITICAL. The fix is to upgrade jackson to 2.15, which upgrades to snakeyaml 2.0 (FasterXML/jackson-dataformats-text#390).
The text was updated successfully, but these errors were encountered:
In
build.gradlethere's a dependency oncom.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.1which depends onorg.yaml:snakeyaml:1.31which is vulnerable to CVE-2022-1471, which NIST score as 9.8 CRITICAL. The fix is to upgrade jackson to 2.15, which upgrades to snakeyaml 2.0 (FasterXML/jackson-dataformats-text#390).The text was updated successfully, but these errors were encountered: