Details
Bug
Status: Open
Major
Resolution: Unresolved
1.15.0
None
None
Description
In Geode 1.15.0, Jackson-databind 2.13.2.2 has known security vulnerabilities. These issues are both fixed in 2.13.4.2.
HIGH | CVE-2022-42004 (BDSA-2022-2768) CVE-2022-42004 (nist.gov) | Jackson Databind Vulnerable to Denial-of-Service (DoS) via Resource Exhaustion in 'BeanDeserializer' Component | Fixed in 2.13.4 |
HIGH | CVE-2022-42003 (BDSA-2022-2765) CVE-2022-42003 (nist.gov) | Jackson Databind Vulnerable to Denial-of-Service (DoS) via Resource Exhaustion in Primitive Value Deserializers | Fixed in 2.13.4.2 |