Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-9947

upgrade jackson-databind to 2.13.4

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.46.0, 1.22.14
    • None
    • None

    Description

      jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

      https://nvd.nist.gov/vuln/detail/CVE-2020-36518

      Attachments

        Issue Links

          is cloned by

          Task - A task that needs to be done. OAK-10021 upgrade jackson-databind to 2.13.4.2

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. OAK-10159 Upgrade jackson-databind dependency to 2.13.5

          • Major - Major loss of function.
          • Closed
          relates to

          Task - A task that needs to be done. OAK-9479 oak-search-elastic: upgrade jackson-databind to 2.10.5.1

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #712

          Activity

            People

              fortino Fabrizio Fortino
              fortino Fabrizio Fortino
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: