Upgrade snakeyaml from 1.33 to 2.0 fixing CVE-2022-1471 #2265

@julianladisch

Snakeyaml 2.0 has a fix for the CVE-2022-1471 Arbitrary Code Execution vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2022-1471
https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes

Karate is not affected by this vulnerability, but other code might be, so Karate should be compatible with Snakeyaml 2.0 and should ship with Snakeyaml 2.0 by default.
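For code that parses YAML from untrusted sources, the mitigation the NVD entry recommends alongside the upgrade is SnakeYAML's `SafeConstructor`. The following is an added example, not code from Karate or from the issue author; the class name `SafeYamlLoad`, the helper `loadUntrusted`, the limit values and the tag `com.example.Widget` are assumptions made up for illustration, and it is written against SnakeYAML 2.0.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoad {

    // Hypothetical helper (not part of Karate or SnakeYAML): parse YAML from
    // an untrusted source into plain maps, lists and scalars only.
    static Object loadUntrusted(String text) {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);    // reject ambiguous mappings
        options.setMaxAliasesForCollections(20); // bound alias expansion
        options.setNestingDepthLimit(30);        // bound recursion depth
        options.setCodePointLimit(1024 * 1024);  // bound input size (1 Mi code points)

        // SafeConstructor builds only the standard YAML types; it has no
        // constructor for tags that name a Java class, so such documents fail
        // with an exception instead of instantiating the class.
        Yaml yaml = new Yaml(new SafeConstructor(options));
        return yaml.load(text);
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary document without class tags.
        String plain = "name: demo\nports: [8080, 8443]\n";
        Object value = loadUntrusted(plain);
        System.out.println("plain document  -> "
                + value.getClass().getSimpleName() + " " + value);

        // Constructed sample input: a global tag naming a placeholder class.
        String tagged = "!!com.example.Widget {name: demo}\n";
        try {
            loadUntrusted(tagged);
            throw new IllegalStateException("tagged document was not rejected");
        } catch (YAMLException e) {
            System.out.println("tagged document -> rejected ("
                    + e.getClass().getSimpleName() + ")");
        }
    }
}
```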
