[ZOOKEEPER-4505] CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.7.1, 3.6.4, 3.9.0, 3.8.1
Component/s: None
Labels:
- pull-request-available
- security

Description

CVE-2020-36518 vulnerability affects jackson-databind in Zookeeper (see https://github.com/advisories/GHSA-57j2-w4cx-62h2).

Upgrading to jackson-databind version 2.13.2.1 should address this issue.

Attachments

Issue Links

links to

GitHub Pull Request #1842

GitHub Pull Request #1844

GitHub Pull Request #1845

GitHub Pull Request #1846

Activity

People

Assignee:: Unassigned

Reporter:: Edwin Hobor

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Mar/22 12:43

Updated:: 30/Jan/23 07:57

Resolved:: 31/Mar/22 18:24

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

2.5h