Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-20093

jackson-databind2.13.2.2 still exists in apache-cassandra-5.0.2

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Urgent
    • Resolution: Duplicate
    • None
    • None
    • None
    • Critical
    • All
    • Security

    Description

      Component name - jackson-databind
      Component version name - 2.13.2.2
      CVE-2022-42004 - 7.5
      CVE-2023-35116 - 4.7

      Archive Context and Path
      apache-cassandra-5.0.2/lib/jackson-databind-2.13.2.2.jar

       

      Above CVE's are still applicable for the jackson-databind2.13.2.2 in apache-cassandra-5.0.2

      CVSS score is 7.5 High

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. CASSANDRA-17966 jackson-databind vulnerability CVE-2022-42003 CVE-2022-42004

          • Normal -
          • Resolved

          Activity

            People

              Unassigned Unassigned
              Kaps_11 Kapil Shewate
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: