Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gradle build package has snakeyaml dependency for plugins has a CVE with high base score #21983

Closed
Syedasifajaz opened this issue Sep 12, 2022 · 0 comments · Fixed by #22028
Closed

Gradle build package has snakeyaml dependency for plugins has a CVE with high base score #21983

Syedasifajaz opened this issue Sep 12, 2022 · 0 comments · Fixed by #22028
Assignees
@donat
Labels
a:bug in:building-gradle gradle/gradle build @support Issues owned by GBT support team
Milestone
7.6 RC1

Comments

@Syedasifajaz
Copy link

Gradle all versions includes snakeyaml dependency for plugins has CVE with high base score

https://nvd.nist.gov/vuln/detail/CVE-2022-25857

Due to this dependency docker image which we build containing gradle is flagged as vulnerable image.
Can we expect a patch or rc to fix this security vulnerability.
@jbartok jbartok added the in:building-gradle gradle/gradle build label Sep 14, 2022
@jbartok jbartok added this to the 7.6 RC1 milestone Sep 14, 2022
@jbartok jbartok added @support Issues owned by GBT support team and removed to-triage labels Sep 14, 2022
@donat donat mentioned this issue Sep 15, 2022
Merged
This was referenced Jan 5, 2023
Closed
Closed
Closed
Closed
@github-actions github-actions bot mentioned this issue Feb 12, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@donat donat

Labels
a:bug in:building-gradle gradle/gradle build @support Issues owned by GBT support team
Projects
None yet
Milestone
7.6 RC1
Development

Successfully merging a pull request may close this issue.

Update snakeyaml to 1.32 gradle/gradle
3 participants
@donat @jbartok @Syedasifajaz