Details
Description
The ignite-rest-http and ignite-kubernetes modules include a vulnerable version of the jackson-databind library. This was spotted in 2.8.1.
This component jackson-databind-2.9.6.jar is flagged as having numerous
critical, high and medium security vulnerabilities, one of which is
described here:
https://nvd.nist.gov/vuln/detail/CVE-2019-14540
More here:
Attachments
Issue Links
- is a clone of
-
IGNITE-13464 Ignite-rest-http modules includes vulnerable dependencies
-
- Resolved
-
- is fixed by
-
IGNITE-15261 Update Ignite dependency: Jackson
-
- Resolved
-
- links to