Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.11.0
-
Any
Description
The current version of jackson-databind in parquet-mr has several CVEs associated with it: https://nvd.nist.gov/vuln/detail/CVE-2020-10673, https://nvd.nist.gov/vuln/detail/CVE-2020-10672, https://nvd.nist.gov/vuln/detail/CVE-2020-10969, https://nvd.nist.gov/vuln/detail/CVE-2020-11111, https://nvd.nist.gov/vuln/detail/CVE-2020-11113, (and a few more). We should update to jackson-databind 2.9.10.4
Attachments
Issue Links
- links to