Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerabilities in snakeyaml used by Jet #3128

Open
olukas opened this issue Dec 6, 2022 · 1 comment
Open

Vulnerabilities in snakeyaml used by Jet #3128

olukas opened this issue Dec 6, 2022 · 1 comment
Labels
security Pull requests that address a security vulnerability severity:high Vulnerability scan classification for High Severity issues
Milestone
4.5.5

Comments

@olukas
Copy link
Collaborator

olukas commented Dec 6, 2022

Jet elasticsearch uses snakeyaml in version 1.33 which includes following vulnerability:

The same CVE is in jmx_prometheus_javaagent-0.16.1.jar (shaded: org.yaml:snakeyaml:1.29).
@olukas olukas added security Pull requests that address a security vulnerability severity:high Vulnerability scan classification for High Severity issues labels Dec 6, 2022
@olukas olukas added this to the 4.5.4 milestone Dec 6, 2022
@TomaszGaweda TomaszGaweda modified the milestones: 4.5.4, 4.5.5 Dec 6, 2022
@TomaszGaweda
Copy link
Contributor

There is no fix possible in 4.5.4 - all versions contain at least one high prio vunerability, no fix available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Pull requests that address a security vulnerability severity:high Vulnerability scan classification for High Severity issues
Projects
None yet
Milestone
4.5.5
Development

No branches or pull requests
2 participants
@olukas @TomaszGaweda