Hello,
I am hoping you could help me with our vulnerability remediation process. We
have several development teams using Apache Beam in their projects. When
performing our Software Composition Analysis (Third-Party Software) scan,
projects utilizing Apache Beam have an incredible number of CVEs

Hi Joshua,
It may take a lot of effort and knowledge to review whether CVEs are
exploitable or not.
I have seen this kind of analysis done in a few cases, such as SnakeYAML
recently: https://s.apache.org/beam-and-cve-2022-1471 (https://github.com/apache/beam/issues/25449)
If there is a patch ava