cassandra_exporter
Critical vulnerability in SnakeYaml (CVE-2022-1471)
In build.gradle there's a dependency on com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.1, which depends on org.yaml:snakeyaml:1.31, which is vulnerable to CVE-2022-1471, which NIST scores as 9.8 CRITICAL. The fix is to upgrade jackson to 2.15, which upgrades to snakeyaml 2.0 (https://github.com/FasterXML/jackson-dataformats-text/pull/390).