[jira] [Updated] (CASSANDRA-17556) jackson-databind 2.13.2 is vulnerable to CVE-2020-36518

[Brandon Williams (Jira)]

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-17556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brandon Williams updated CASSANDRA-17556:
-----------------------------------------
    Fix Version/s: 3.11.13
                   4.1
                   4.0.4
                       (was: 4.x)
                       (was: 3.11.x)
                       (was: 4.0.x)

> jackson-databind 2.13.2 is vulnerable to CVE-2020-36518
> -------------------------------------------------------
>
>                 Key: CASSANDRA-17556
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17556
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Build
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.11.13, 4.1, 4.0.4
>
>
> Seems like it's technically possible to cause a DoS with nested json.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org