CVE-2022-41854/CVE-2022-38752 Snakeyaml vulnerable to Stack overflow leading to denial of service

Resolves #16062
Bruno Oliveira da Silva 2023-01-31 17:49:56 -03:00 committed by Hynek Mlnařík
parent ae189c5a34
commit e3ccba3903


@ -119,6 +119,8 @@
<google.guava.version>30.1-jre</google.guava.version> <google.guava.version>30.1-jre</google.guava.version>
<xstream.version>1.4.20</xstream.version> <xstream.version>1.4.20</xstream.version>
<okhttp.version>4.10.0</okhttp.version> <okhttp.version>4.10.0</okhttp.version>
<!-- Override of SnakeYAML to fix multiple CVEs -->
<org.yaml.snakeyaml.version>1.33</org.yaml.snakeyaml.version>
<!-- Openshift --> <!-- Openshift -->
<version.com.openshift.openshift-restclient-java>9.0.5.Final</version.com.openshift.openshift-restclient-java> <version.com.openshift.openshift-restclient-java>9.0.5.Final</version.com.openshift.openshift-restclient-java>
@ -315,6 +317,11 @@
<artifactId>logging-interceptor</artifactId> <artifactId>logging-interceptor</artifactId>
<version>${okhttp.version}</version> <version>${okhttp.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>${org.yaml.snakeyaml.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.jboss</groupId> <groupId>org.jboss</groupId>
<artifactId>jboss-dmr</artifactId> <artifactId>jboss-dmr</artifactId>
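Review bot: The new property comment `<!-- Override of SnakeYAML to fix multiple CVEs -->` names neither the CVEs nor the condition for dropping the pin, so a later cleanup cannot tell whether it is still needed. I would write `<!-- Override of SnakeYAML for CVE-2022-41854 / CVE-2022-38752 (stack overflow DoS); drop once the dependency that pulls it in ships 1.33 or later -->`. The added `<dependency>` only forces the version if it sits inside `<dependencyManagement>`, which is outside the hunk. It is worth confirming the resolved version across modules with `mvn dependency:tree -Dincludes=org.yaml:snakeyaml`. Separately, 1.33 addresses the parser stack-overflow cases, but the default constructor in the 1.x line still instantiates arbitrary tagged types. Any code path that loads YAML from an untrusted source (none is visible here) should be checked for `SafeConstructor`.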