[SPARK-40782] Upgrade Jackson-databind to 2.13.4.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.3.1, 3.4.0
Component/s: Build
Labels:
None

Description

#3590: Add check in primitive value deserializers to avoid deep wrapper array
nesting wrt `UNWRAP_SINGLE_VALUE_ARRAYS` [CVE-2022-42003]

Attachments

Issue Links

links to

[Github] Pull Request #38235 (LuciferYang)

Activity

People

Assignee:: Yang Jie

Reporter:: Yang Jie

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Oct/22 05:46

Updated:: 08/Apr/24 06:42

Resolved:: 13/Oct/22 15:30