You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
org.yaml.snakeyaml 1.30 was released at Dec 15, 2021, after that, 1.31 was released at Aug 27, 2022, 1.32 was released at Sep 12, 2022
nacos-client pom.xml do not specify the certain version of org.yaml.snakeyaml, and the latest version of nacos-client was released at Aug 08, 2022, so nacos-client use org.yaml.snakeyaml 1.30.
Describe the bug
org.yaml.snakeyaml 1.30 was released at Dec 15, 2021, after that, 1.31 was released at Aug 27, 2022, 1.32 was released at Sep 12, 2022
nacos-client pom.xml do not specify the certain version of org.yaml.snakeyaml, and the latest version of nacos-client was released at Aug 08, 2022, so nacos-client use org.yaml.snakeyaml 1.30.
CVE-2022-25857 was published at Aug 30, 2022
https://nvd.nist.gov/vuln/detail/CVE-2022-25857
Expected behavior
upgrade org.yaml.snakeyaml version from 1.30 to 1.32
The text was updated successfully, but these errors were encountered: