Snakeyaml prior to v2.0 is vulnerable to CVE-2022-1471.
The latest Apache Camel Karaf is still using a vulnerable version of snakeyaml. See https://mvnrepository.com/artifact/org.apache.camel.karaf/apache-camel/3.21.2 and https://repo1.maven.org/maven2/org/apache/camel/karaf/apache-camel/3.21.2/apache-camel-3.21.2-features.xml
Since Camel is using snakeyaml across multiple Karaf features, it's difficult to hard-code a fix, and it might be troublesome to maintain as well.
Currently used:
- camel version - 3.20.0
- apache karaf - 4.4.3
- Java - 17
Any idea how we can fix this, or any update on when Camel is going to provide a fix for this vulnerability?
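An added example, not part of the original post: a short Python audit that lists which features in a Karaf features repository XML still reference a snakeyaml bundle older than 2.0, which is the inventory needed before overriding the bundle. The sample XML, its feature names and versions are constructed for illustration; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the Karaf features-repository layout. Feature names and
# versions are illustrative, not copied from apache-camel-3.21.2-features.xml.
SAMPLE_FEATURES = """<features xmlns="http://karaf.apache.org/xmlns/features/v1.5.0" name="sample-repo">
  <feature name="demo-yaml-dataformat" version="3.20.0">
    <bundle dependency="true">mvn:org.yaml/snakeyaml/1.33</bundle>
    <bundle>mvn:org.example/demo-yaml-dataformat/3.20.0</bundle>
  </feature>
  <feature name="demo-openapi" version="3.20.0">
    <feature version="3.20.0">demo-core</feature>
    <bundle dependency="true">wrap:mvn:org.yaml/snakeyaml/1.30$overwrite=merge</bundle>
  </feature>
  <feature name="demo-patched" version="3.20.0">
    <bundle dependency="true">mvn:org.yaml/snakeyaml/2.0</bundle>
  </feature>
</features>
"""

# Matches the Maven coordinates inside a bundle URL, including wrap:mvn: forms.
SNAKEYAML_URL = re.compile(r"mvn:org\.yaml/snakeyaml/([0-9][^/$?\s]*)")

def local_name(tag):
    """Strip the XML namespace so any features schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def major_version(version):
    """Return the leading numeric component of a version such as '1.33'."""
    return int(re.match(r"\d+", version).group())

def find_vulnerable_snakeyaml(features_xml):
    """Return sorted (feature name, version) pairs with snakeyaml below 2.0."""
    hits = set()
    for feature in ET.fromstring(features_xml).iter():
        if local_name(feature.tag) != "feature":
            continue
        for child in feature:
            if local_name(child.tag) != "bundle" or not child.text:
                continue
            match = SNAKEYAML_URL.search(child.text)
            if match and major_version(match.group(1)) < 2:
                hits.add((feature.get("name"), match.group(1)))
    return sorted(hits)

if __name__ == "__main__":
    for name, version in find_vulnerable_snakeyaml(SAMPLE_FEATURES):
        print(f"{name}: snakeyaml {version} (< 2.0, affected by CVE-2022-1471)")
```

To audit a real deployment, pass the contents of the downloaded features XML to `find_vulnerable_snakeyaml` in place of the constructed sample.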