[TINKERPOP-2728] jackson-databind high security issue identified - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: 3.5.2
Fix Version/s: 3.6.0, 3.5.3
Component/s: io
Labels:
None

Description

A high severity vulnerability has been logged against jackson-databind. Below is the summary and link to the vulnerability. I see this is already resolved in issue 2678 for 3.6.0
https://issues.apache.org/jira/projects/TINKERPOP/issues/TINKERPOP-2678

Is this also included in 3.5.3? Do you have an eta on when this would release?

Thanks for all your help

Vulnerability information:
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

https://nvd.nist.gov/vuln/detail/CVE-2020-36518

Attachments

Activity

People

Assignee:: Stephen Mallette

Reporter:: Aaron Coady

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Mar/22 15:26

Updated:: 30/Mar/22 18:37

Resolved:: 30/Mar/22 18:37