CVE-2022-45047 - Deserialization of Untrusted Data vulnerability in org.apache.sshd:sshd-common

Backport of #16779
2025-12-16 20:15:46 -06:00 · 2023-02-07 10:54:02 -03:00
parent 1112bee7f4
commit 27060d63ca
1 changed files with 7 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -122,6 +122,8 @@
        <okhttp.version>4.10.0</okhttp.version>
        <!-- Override of SnakeYAML to fix multiple CVEs -->
        <org.yaml.snakeyaml.version>1.33</org.yaml.snakeyaml.version>
+        <!-- Override sshd-common to fix CVE-2022-45047 -->
+        <org.apache.sshd.version>2.9.2</org.apache.sshd.version>

        <!-- Openshift -->
        <version.com.openshift.openshift-restclient-java>9.0.5.Final</version.com.openshift.openshift-restclient-java>
@@ -317,6 +319,11 @@
                <artifactId>snakeyaml</artifactId>
                <version>${org.yaml.snakeyaml.version}</version>
            </dependency>
+            <dependency>
+                <groupId>org.apache.sshd</groupId>
+                <artifactId>sshd-common</artifactId>
+                <version>${org.apache.sshd.version}</version>
+            </dependency>
            <dependency>
                <groupId>org.jboss</groupId>
                <artifactId>jboss-dmr</artifactId>