[jira] [Commented] (CASSANDRA-17556) jackson-databind 2.13.2 is vulnerable to CVE-2020-36518

Ekaterina Dimitrova (Jira) Tue, 26 Apr 2022 06:28:06 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17528169#comment-17528169
 ]


Ekaterina Dimitrova commented on CASSANDRA-17556:
-------------------------------------------------

My only question really was - is there anything we need to know around the 
usages or test and to remind of the old issue on the hot path. That’s it

> jackson-databind 2.13.2 is vulnerable to CVE-2020-36518
> -------------------------------------------------------
>
>                 Key: CASSANDRA-17556
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17556
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Build
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.11.13, 4.1, 4.0.4
>
>
> Seems like it's technically possible to cause a DoS with nested json.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Commented] (CASSANDRA-17556) jackson-databind 2.13.2 is vulnerable to CVE-2020-36518

Reply via email to