The SnakeYAML analysis is exactly what I was looking for. The library of
concern is org.codehaus.jackson jackson-mapper-asl 1.9.13. Our scanner is
reporting ~20 CVEs with a CVSS of >= 7 and ~60 CVEs total.

Thank you,
Josh

From: Bruno Volpato
Date: Monday, May 1, 2023 at 9:04 PM
To: user@beam.a

Generally these types of vulnerabilities are only exploitable when
processing untrusted data and/or exposing a public service to the
internet. This is not the typical use of Beam (especially the latter),
but that's not to say Beam can't be used in this way. That being said,
it's preferable to simpl