Spark / SPARK-34124

Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.4.7
    • Fix Version/s: None
    • Component/s: Build
    • Labels: None

    Description

       

      FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

       

      CVE-2020-36179

      Spark 2.4.7 is still using Jackson 2.6.7.

      People

            Assignee: Unassigned
            Reporter: Yang Jie (LuciferYang)