[CASSANDRA-17966] jackson-databind vulnerability CVE-2022-42003 CVE-2022-42004 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.11.14, 4.0.7, 4.1-rc1, 5.0-alpha1, 5.0
Component/s: Dependencies
Labels:
None

Bug Category:
Security
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

NA
Source Control Link:

https://github.com/apache/cassandra/commit/2e6528542b21a5d79eeba6d22ddc2a289805f98c
Test and Documentation Plan:

Hide

run CI

Show
run CI

Description

As the summary says, jackson-databind 2.13.2.2 which was upgraded for a vulnerability in ~~CASSANDRA-17556~~ is vulnerable again.

Attachments

Issue Links

is duplicated by

CASSANDRA-18081 CVE's in Cassandra 4.0.7

Resolved

Activity

People

Assignee:: Brandon Williams

Reporter:: Brandon Williams

Authors:: Brandon Williams

Reviewers:: Stefan Miklosovic

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Oct/22 14:55

Updated:: 12/Sep/23 13:03

Resolved:: 18/Oct/22 15:40