[ https://issues.apache.org/jira/browse/TINKERPOP-2260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Dale closed TINKERPOP-2260. ---------------------------------- Resolution: Fixed > Update jackson databind 2.9.9.1 > ------------------------------- > > Key: TINKERPOP-2260 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2260 > Project: TinkerPop > Issue Type: Improvement > Components: io > Affects Versions: 3.3.7, 3.4.2 > Reporter: Robert Dale > Assignee: Robert Dale > Priority: Minor > Labels: security > Fix For: 3.3.8, 3.4.3, 3.5.0 > > > Vulnerable to deserialization of untrusted data with logback-core or jdom on > the classpath. > Upgrade to 2.9.9.1 or higher. > * https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917 > * https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207 -- This message was sent by Atlassian JIRA (v7.6.3#76005)