Description
Another CVE in jackson-databind:
https://nvd.nist.gov/vuln/detail/CVE-2019-14379
jackson-databind 2.9.9.2 is available: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
Side note: Here's a discussion jira on whether to remove jackson-databind due to the increasing number of CVEs in this dependency recently: HADOOP-16485
Attachments
Attachments
Issue Links
- is related to
-
HADOOP-16533 Update jackson-databind to 2.9.9.3
- Resolved
- relates to
-
HADOOP-16451 Update jackson-databind to 2.9.9.1
- Resolved
-
HADOOP-16485 Remove dependency on jackson
- Open