Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Minor
Component/s: core, snakeyaml-plugin
Labels:
- 2.426.1-fixed
- issue-exported-to-github

Released As:
2.431, https://plugins.jenkins.io/snakeyaml-api/releases/#version_2.2-111.vc6598e30cc65 , 2.426.1

The latest weekly Jenkins build has the following vulnerability detected:

CVE-2022-1471 - Package: org.yaml:snakeyaml - Package Type: MAVEN\n Affected Version: 1.32, Fixed Version: 2.0

Can someone update the latest build with the above version that applies the fixes ?

links to

CVE-2022-1471 in the national vulnerability database

jenkinsci/jenkins#8674

PR 75 - update Snakeyaml plugin to use 2.0

Snakeyaml CVE and NIST article on bitbucket.org

Assignee:: Unassigned
Reporter:: Andrew

Created:: 2023-04-05 13:19
Updated:: 2025-11-25 14:25
Resolved:: 2023-11-03 18:17
Archived:: 2025-11-25 14:25

Details

Description

Attachments

Issue Links

Activity

People

Dates