Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-7681

Vulnerability in dependency jackson-mapper-asl-1.9.13.jar

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.17.0
    • 1.20.1
    • None
    • None

    Description

      Vulnerability in dependency jackson-mapper-asl-1.9.13.jar

      Max CVSS: 7.5 (High)

      Total # CVEs: 1

      Note: This is the last release of jackson-mapper-asl before it was moved / renamed to jackson-databind from 2013. While there is only one known CVE, the fix for that is to upgrade to jackson-databind. It is likely many of the same issue impacting databind impact mapper as well.

      https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-mapper-asl&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-mapper-asl%3A1.9.13

       

      Is this vulnerability exploitable from Apache Drill?

      Attachments

        Activity

          People

            Unassigned Unassigned
            dereklohnes Derek Lohnes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: