[jira] [Commented] (CURATOR-683) Update dependencies: com.fasterxml.jackson.core

Slavik (Jira) Wed, 02 Aug 2023 09:40:06 -0700


    [ 
https://issues.apache.org/jira/browse/CURATOR-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17750409#comment-17750409
 ]


Slavik commented on CURATOR-683:
--------------------------------

[https://github.com/apache/curator/pull/472] com.fasterxml.jackson.core version 
2.13.5

> Update dependencies: com.fasterxml.jackson.core
> -----------------------------------------------
>
>                 Key: CURATOR-683
>                 URL: https://issues.apache.org/jira/browse/CURATOR-683
>             Project: Apache Curator
>          Issue Type: Task
>    Affects Versions: 5.5.0
>            Reporter: Slavik
>            Assignee: Enrico Olivelli
>            Priority: Major
>
> There are 2 com.fasterxml.jackson.core dependencies:
>  * jackson-core
>  * 
> jackson-databind
> Both are at version 2.10.0
> These dependencies bring CVEs:
>  * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004] (resource 
> exhaustion)
>  * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003] (resource 
> exhaustion)
>  * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46877] (denial of 
> service)
>  * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518] (denial of 
> service)
>  * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649] (data 
> integrity)
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CURATOR-683) Update dependencies: com.fasterxml.jackson.core

Reply via email to