1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
2
Hello,
Greengrass is not affected by this CVE.
This CVE concerns SnakeYaml’s Constructor() class does not restrict types which can be instantiated during deserialization
. Greengrass does not use SnakeYaml directly. We import an old version of Jackson dataformat library, which uses SnakeYaml. Jackson is also not affected by this CVE. https://github.com/FasterXML/jackson-dataformats-text/issues/392
We will update Jackson library in our next Nucleus release.
beantwortet vor 9 Monaten
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr