[CURATOR-683] Update dependencies: com.fasterxml.jackson.core - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.0
Fix Version/s: 5.6.0
Component/s: None
Labels:
None

Description

There are 2 com.fasterxml.jackson.core dependencies:

jackson-core
jackson-databind

Both are at version 2.10.0

These dependencies bring CVEs:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004 (resource exhaustion)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003 (resource exhaustion)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877 (denial of service)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518 (denial of service)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649 (data integrity)

Attachments

Issue Links

links to

GitHub Pull Request #472

Activity

People

Assignee:: Enrico Olivelli

Reporter:: Slavik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Aug/23 15:50

Updated:: 03/Aug/23 17:57

Resolved:: 03/Aug/23 17:57