  1. Apache Cassandra
  2. CASSANDRA-16462

Upgrade to Jackson Databind 2.9.10.8 or later to fix high vulnerabilities

Details

    • Improvement
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • 3.11.11, 4.0-rc1, 4.0
    • Dependencies
    • None

    Description

      There are 22 high CVEs

      CVE ID | Severity | Packages | Source Package | Fixed Package Version
      --- | --- | --- | --- | ---
      CVE-2020-24750 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.6
      CVE-2020-24616 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.6
      CVE-2020-14195 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
      CVE-2020-14062 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
      CVE-2020-14061 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
      CVE-2020-14060 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
      CVE-2020-35491 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-35490 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-35728 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2021-20190 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.7
      CVE-2020-25649 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.10.5.1, 2.9.10.7, 2.6.7.4
      CVE-2020-36187 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36188 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36189 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36186 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36185 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36183 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36184 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36182 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36179 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36180 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
      CVE-2020-36181 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8

            People

              brandon.williams Brandon Williams
              joshib Bhargav Joshi
              Brandon Williams
              Andres de la Peña

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 10m