Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-23075

Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
      https://nvd.nist.gov/vuln/detail/CVE-2019-16335
      A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
      https://nvd.nist.gov/vuln/detail/CVE-2019-14540

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-23174 Upgrade jackson and jackson-databind to 2.9.10 (branch-1)

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-23069 periodic dependency bump for Sep 2019

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link GitHub Pull Request #45

          Web Link GitHub Pull Request #660

          Activity

            People

              nicholasjiang Nicholas Jiang
              nicholasjiang Nicholas Jiang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: