[CASSANDRA-15827] Upgrade to Jackson Databind 2.9.10.4 or later to address CVEs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Triage Needed
Priority: Normal
Resolution: Unresolved
Fix Version/s: None
Component/s: None
Labels:
None

Platform:

All
Impacts:

Security

Description

Recent scan results identified the following CVEs that require this upgrade to address

https://nvd.nist.gov/vuln/detail/CVE-2020-8840
https://nvd.nist.gov/vuln/detail/CVE-2020-9548
https://nvd.nist.gov/vuln/detail/CVE-2020-9547
https://nvd.nist.gov/vuln/detail/CVE-2020-9546
https://nvd.nist.gov/vuln/detail/CVE-2020-10673
https://nvd.nist.gov/vuln/detail/CVE-2020-10672
https://nvd.nist.gov/vuln/detail/CVE-2020-10968
https://nvd.nist.gov/vuln/detail/CVE-2020-10969
https://nvd.nist.gov/vuln/detail/CVE-2020-11112
https://nvd.nist.gov/vuln/detail/CVE-2020-11113
https://nvd.nist.gov/vuln/detail/CVE-2020-11111
https://nvd.nist.gov/vuln/detail/CVE-2020-11619
https://nvd.nist.gov/vuln/detail/CVE-2020-11620

Attachments

Issue Links

is cloned by

CASSANDRA-15828 Remove jackson-mapper-asl-1.9.13 to address CVE

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Kevin Eveker

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21/May/20 22:07

Updated:: 21/May/20 22:54