[HIVE-28073] Upgrade jackson version to 2.16.1 - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0
Component/s: None
Labels:
- pull-request-available

Description

Jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
https://nvd.nist.gov/vuln/detail/CVE-2023-35116
https://github.com/FasterXML/jackson-databind/issues/3972

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #5081

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Araika Singh Assign to me

Reporter:: Araika Singh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Feb/24 17:42

Updated:: 29/Mar/24 17:49

Resolved:: 03/Mar/24 07:46

Agile

Slack

Issue deployment