Solr / SOLR-13112

Upgrade jackson to 2.9.8


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.6
    • Fix Version/s: 7.7.2, 8.1, 9.0
    • Component/s: None
    • Labels: None
    • Environment: RedHat Linux. May run from RHEL versions 5, 6 or 7 but this issue is from Sonatype component scan and should be independent of Linux platform version.

    Description

      We can't move to Solr 7 without fixing this issue flagged by Sonatype scan of Solr - 7.6.0 build,
      using Scanner 1.56.0-01

      Threat Level 8 against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6
      FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
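
A check for the version boundary quoted in the report, added here as an example and not part of the original issue or of Solr's own tooling: it scans a directory tree for jackson-databind jars and classifies each against 2.9.7 (the CVE-2018-14718 boundary) and 2.9.8 (this issue's upgrade target). The function names are hypothetical, and it assumes jars are named `jackson-databind-<version>.jar` and that GNU `sort -V` is available.

```shell
#!/bin/sh
# Added example: classify jackson-databind jars found under a directory.
# Thresholds come from the issue text: CVE-2018-14718 covers 2.x before 2.9.7,
# and the issue's upgrade target is 2.9.8.

# version_lt A B: succeeds when version A sorts strictly before version B.
# Uses version-aware ordering so that 2.10.0 is not treated as older than 2.9.7.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify_databind VERSION: prints one status word for that version.
classify_databind() {
    case "$1" in
        2.*) ;;
        *) echo "out-of-scope"; return 0 ;;   # the CVE text speaks of 2.x only
    esac
    if version_lt "$1" 2.9.7; then
        echo "affected"        # before 2.9.7: CVE-2018-14718 applies
    elif version_lt "$1" 2.9.8; then
        echo "below-target"    # past that CVE, not yet at 2.9.8
    else
        echo "ok"
    fi
}

# scan_databind DIR: prints "status version path" for each jar under DIR.
scan_databind() {
    find "$1" -type f -name 'jackson-databind-*.jar' | sort |
    while IFS= read -r jar; do
        ver=$(basename "$jar" .jar)
        ver=${ver#jackson-databind-}
        printf '%s %s %s\n' "$(classify_databind "$ver")" "$ver" "$jar"
    done
}

# has_affected DIR: exit status 0 when at least one jar under DIR is "affected".
has_affected() {
    scan_databind "$1" | grep '^affected ' >/dev/null
}
```

The check is filename-based, so a copy of jackson-databind repackaged inside another jar is not seen by it.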

          People

            Assignee: Kevin Risden (krisden)
            Reporter: RobertHathaway (rjh)
            Votes: 0
            Watchers: 7


              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0h
                Time Spent: 20m
