Vulnerable version snakeyaml
kuramsai opened this issue · 1 comments
kuramsai commented
RAML-parser.0.8.37 uses snakeyaml(1.23) which has known vulnerabilities and it is recommended to update it to 1.26 or later.
Upgrading to RAML-Parser 1.x is not possible as the format has changed in 1.x
So request you to update snakeyaml to 1.26 in 0.8.x version.
Referenced for security issue:
https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645
https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion
jstoiko commented
Please note that this parser is now deprecated and is about to be archived, please use webapi-parser moving forward.