raml-java-parser icon indicating copy to clipboard operation
raml-java-parser copied to clipboard

Published 20 hours ago verified publisher icon raml-org

Vulnerable version snakeyaml

Open kuramsai opened this issue 5 years ago • 1 comments

RAML-parser.0.8.37 uses snakeyaml(1.23) which has known vulnerabilities and it is recommended to update it to 1.26 or later.

Upgrading to RAML-Parser 1.x is not possible as the format has changed in 1.x

So request you to update snakeyaml to 1.26 in 0.8.x version.

Referenced for security issue: https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645 https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion

kuramsai avatar Apr 17 '20 05:04 kuramsai

Please note that this parser is now deprecated and is about to be archived, please use webapi-parser moving forward.

jstoiko avatar Jun 30 '20 22:06 jstoiko