#Vulnerability Info for maven - snakeyaml 1.33

Hi folks, I'm facing this problem in Intellij so is it something with the IDE or from the dependency it self?

⌛ This post has been reserved for your question.

Hey @atomic roost! Please use /close or the Close Post button above when you're finished. Please remember to follow the help guidelines. This post will be automatically closed after 300 minutes of inactivity.

TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.

It is IntelliJ telling you something about your dependency

What version of Spring Boot are you using?

ah, looks like 3.1.4

this is the latest version

but the first of these CVEs seems unrelated to snakeyaml

and the latter doesn't seem to be an issue unless you use snakeyaml outside of Spring: https://github.com/spring-projects/spring-boot/issues/33457#issuecomment-1336643760

It's from the spring initializer site... This is not even the case I also saw a few days ago this happened to me when I was extending the TelegramLongPolling class, I faced this same issue warning.

No idea about the first CVE but the second one shouldn't be an issue unless you are parsing YAML

Thanks, I've understood it 🙂

If you are finished with your post, please close it.
If you are not, please ignore this message.
Note that you will not be able to send further messages here after this post have been closed but you will be able to create new posts.