Vulnerability CVE-2022-1471 in the dependency org.yaml.snakeyaml 1.32

Question

Vulnerability CVE-2022-1471 in the dependency org.yaml.snakeyaml 1.32

dadusuma opened this issue a year ago · comments

Hi,

There is a security vulnerability CVE-2022-1471 in the dependency https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.32. Please update the dependency to 2.0 version as soon as possible.

org.yaml
snakeyaml
2.0

Regards
DP

Louise Berglund · Answer 1 · Mon May 22 2023 17:37:22 GMT+0800 (China Standard Time)

@dadusuma Thanks for your report. Our team working with APOC extended has this on their radar already. We will let you know here once it has been mitigated.

Best regards Louise, Neo4j Cypher team