Unpin jackson fixing Number Parse DoS (PRISMA-2023-0067)

Description

jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS): https://github.com/FasterXML/jackson-core/pull/827

mod-invoice pins the jackson version to 2.13.4. This effectively downgrades the jackson version provided by RMB (domain-models-runtime, domain-models-api-interfaces) from 2.16.1 to 2.13.4.

Fix: Unpin jackson.
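A check for whether the pin is still in effect, as an added example that is not part of the ticket or of mod-invoice: it scans default (non-verbose) `mvn dependency:tree` text output for resolved jackson-core versions below the fixed release 2.15.0. The sample tree, its `0.0.0-SAMPLE` versions and the function names are constructed for illustration.

```python
import re
import sys

# Fixed release named in the ticket: jackson-core before 2.15.0 is affected.
FIXED = (2, 15, 0)

# Constructed sample of `mvn dependency:tree` output (not captured from mod-invoice).
SAMPLE_TREE = """\
[INFO] org.folio:mod-invoice:jar:0.0.0-SAMPLE
[INFO] +- org.folio:domain-models-runtime:jar:0.0.0-SAMPLE:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-core:jar:2.13.4:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4:compile
"""

# groupId:artifactId:type:version:scope, as printed for a resolved node.
JACKSON_CORE = re.compile(
    r"com\.fasterxml\.jackson\.core:jackson-core:jar:([^:\s]+):\w+"
)


def parse_version(text):
    """Leading numeric components padded to three; qualifiers (-rc1) are ignored."""
    nums = re.match(r"\d+(?:\.\d+)*", text)
    parts = [int(p) for p in nums.group(0).split(".")] if nums else [0]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def vulnerable_jackson_core(tree_text):
    """Return the resolved jackson-core versions in the tree that are below FIXED."""
    found = {m.group(1) for m in JACKSON_CORE.finditer(tree_text)}
    return sorted(v for v in found if parse_version(v) < FIXED)


if __name__ == "__main__":
    # Pipe real output in, or run with no input to use the constructed sample.
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    bad = vulnerable_jackson_core(text)
    for version in bad:
        print(f"jackson-core {version} resolved; needs >= 2.15.0")
    sys.exit(1 if bad else 0)
```

The non-zero exit status lets the script fail a CI step if a pin brings an affected version back.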

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Done

Details

Development Team

Thunderjet

Release

Ramsons (R2 2024)

RCA Group

Related dependency upgrade

Created May 5, 2024 at 3:03 PM
Updated May 7, 2024 at 1:21 PM
Resolved May 7, 2024 at 1:21 PM