[ https://issues.apache.org/jira/browse/CASSANDRA-18389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17706503#comment-17706503 ]
Brandon Williams edited comment on CASSANDRA-18389 at 3/30/23 3:15 PM:
-----------------------------------------------------------------------

https://nvd.nist.gov/vuln/detail/CVE-2022-45688

bq. A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

We aren't calling any 'toJSONObject' things, we can suppress:

||Branch||CI||
|[3.11|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-3.11]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/942/workflows/82eb5bdb-e8a7-47f2-9fbf-e6d6eee523b5]|
|[4.0|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-4.0]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/939/workflows/dfc592a1-22a7-4485-997e-09f85213a957], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/939/workflows/2c36af64-3f2e-4b76-bba6-9e486c6aa745]|
|[4.1|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-4.1]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/938/workflows/eddd2ec3-23ca-4b73-9e01-23c0179541ed], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/938/workflows/d91749d6-9b97-46a4-9934-532ac0c817f4]|
|[trunk|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-trunk]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/937/workflows/7b5ce52d-aa36-415c-97e8-edd1c743e39d], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/937/workflows/3d9a11ff-bfb1-4a31-a29b-2f08a5f34e11]|

was (Author: brandon.williams):

https://nvd.nist.gov/vuln/detail/CVE-2022-45688

bq. A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

We aren't calling any 'toJSONObject' things, we can suppress:

||Branch||CI||
|[4.0|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-4.0]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/939/workflows/dfc592a1-22a7-4485-997e-09f85213a957], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/939/workflows/2c36af64-3f2e-4b76-bba6-9e486c6aa745]|
|[4.1|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-4.1]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/938/workflows/eddd2ec3-23ca-4b73-9e01-23c0179541ed], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/938/workflows/d91749d6-9b97-46a4-9934-532ac0c817f4]|
|[trunk|https://github.com/driftx/cassandra/tree/CASSANDRA-18389-trunk]|[j8|https://app.circleci.com/pipelines/github/driftx/cassandra/937/workflows/7b5ce52d-aa36-415c-97e8-edd1c743e39d], [j11|https://app.circleci.com/pipelines/github/driftx/cassandra/937/workflows/3d9a11ff-bfb1-4a31-a29b-2f08a5f34e11]|

> jackson-core-2.13.2.jar vulnerability: CVE-2022-45688
> -----------------------------------------------------
>
>                 Key: CASSANDRA-18389
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18389
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.11.x, 4.0.x, 4.1.x, 5.x
>
>
> This is currently failing in the OWASP scan.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
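One way to record the suppression the comment refers to in OWASP dependency-check's suppression file, added here as an illustration and not the ticket's or Cassandra's own change; the file path, the `until` date and the `packageUrl` pattern are assumptions, and the schema is dependency-check's suppression 1.3 format. The point is to scope the entry to the one CVE and the one artifact and to keep the reasoning next to it, so the finding is silenced without hiding future reports on the same jar.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: the project's dependency-check suppression file,
     e.g. .build/dependency-check-suppressions.xml (path is an assumption). -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

    <!-- Narrow suppression: one artifact, one CVE, reason recorded inline.
         "until" is optional; the date below is a constructed placeholder that
         makes the finding resurface for re-review once it passes. -->
    <suppress until="2024-12-31Z">
        <notes><![CDATA[
        CASSANDRA-18389: CVE-2022-45688 is a stack overflow in XML.toJSONObject
        of hutool-json. The scan flags jackson-core-2.13.2.jar, but Cassandra
        does not call any toJSONObject code (see ticket comment), so the
        finding is treated as a false positive for this jar.
        ]]></notes>

        <!-- Match the Maven coordinates of the flagged jar (groupId
             com.fasterxml.jackson.core, artifactId jackson-core) at any
             version, instead of matching on the file name. -->
        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>

        <!-- Pin the exact CVE so other findings on this jar still report.
             A <filePath regex="true">.*jackson.*</filePath> entry with no
             <cve> child would instead hide every future finding on the jar. -->
        <cve>CVE-2022-45688</cve>
    </suppress>

</suppressions>
```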