/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-6pfg-7rjx-m4q7

Published

Last updated

https://images.chainguard.dev/security/CGA-6pfg-7rjx-m4q7
Package

metric-collector-for-apache-cassandra

RepositoryWolfi
Latest Update
Pending upstream fix
Aliases
  • CVE-2022-1471
  • GHSA-mjmj-j48q-9wg2

Severity

9.8

Critical

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-1471
  • https://github.com/advisories/GHSA-mjmj-j48q-9wg2

Updates

Status

Pending upstream fix

Impact

To fix the CVE, we have to upgrade 'snakeyaml' to '2.0' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: "/src/main/java/com/datastax/mcac/ConfigurationLoader.java:[106,19] incompatible types: java.lang.Class<capture#1 of ?> cannot be converted to org.yaml.snakeyaml.LoaderOptions"

Status

Under investigation

Status

Pending upstream fix

Impact

To fix the CVE, we have to upgrade 'snakeyaml' to '2.0' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: "/src/main/java/com/datastax/mcac/ConfigurationLoader.java:[106,19] incompatible types: java.lang.Class<capture#1 of ?> cannot be converted to org.yaml.snakeyaml.LoaderOptions"

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal