[FOLIO-2337] Track security vulnerability fixes reported in jackson-databind >= 2.0.0, < 2.9.10
Created: 04/Nov/19 Updated: 03/Jun/20 Resolved: 27/Jan/20
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Umbrella | Priority: | P2 |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: |
| Sprint: | |
| Description |
Remediation

Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10 or later. For example:

<dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-databind</artifactId>
  <version>[2.9.10,)</version>
</dependency>

Details

CVE-2019-16335
critical severity
*Vulnerable versions:* < 2.9.10
*Patched version:* 2.9.10

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

CVE-2019-14540
critical severity
*Vulnerable versions:* < 2.9.10
*Patched version:* 2.9.10

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

On Jackson CVEs: Don't Panic — Here is what you need to know |
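
An added example, not part of the original issue or of FOLIO's code: a Python check that flags jackson-databind declarations in a pom.xml whose version falls in the range this issue tracks (>= 2.0.0, < 2.9.10). The function names and the sample POM are constructed for illustration; it assumes versions are declared in the POM itself or through its own `<properties>`, and reports versions inherited from a parent POM or BOM as unresolved.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "com.fasterxml.jackson.core", "jackson-databind"
LOW, FIXED = (2, 0, 0), (2, 9, 10)  # range tracked by this issue: >= 2.0.0, < 2.9.10

# Constructed sample input: the version is set through a property and is a
# 2.9.9 micro-patch release, which is still below the patched 2.9.10.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson.version>2.9.9.3</jackson.version></properties>
  <dependencies>
    <dependency><groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId><version>${jackson.version}</version></dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Numeric prefix of a version as a tuple, padded to 3 parts: '2.9.9.3' -> (2, 9, 9, 3)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def classify(version):
    """Classify a resolved <version> string as 'vulnerable', 'ok' or 'unresolved'."""
    version = (version or "").strip()
    if version[:1] in ("[", "("):  # Maven version range: judge it by its lower bound
        version = version[1:].split(",")[0].strip()
    parsed = parse_version(version)
    if parsed is None:
        return "unresolved"  # no version here: managed by a parent POM or BOM
    return "vulnerable" if LOW <= parsed < FIXED else "ok"

def audit_pom(pom_xml):
    """Return [(declared_version, verdict)] for every jackson-databind dependency."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # strip the Maven namespace so plain tag names match
        el.tag = el.tag.split("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):
        ident = tuple((dep.findtext(t) or "").strip() for t in ("groupId", "artifactId"))
        if ident != (GROUP, ARTIFACT):
            continue
        declared = (dep.findtext("version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", declared)  # ${property} indirection
        findings.append((declared, classify(props.get(ref.group(1), "") if ref else declared)))
    return findings

if __name__ == "__main__":
    print(audit_pom(SAMPLE_POM))
```

An "unresolved" verdict means the effective version has to be checked in the resolved dependency tree rather than in this file.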
| Comments |
| Comment by Peter Murray [ 27/Jan/20 ] |
|
Blocking issues are closed. |