[jira] [Resolved] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0

Cole Greer (Jira) Mon, 17 Jul 2023 15:44:04 -0700


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Cole Greer resolved TINKERPOP-2948.
-----------------------------------
    Fix Version/s: 3.7.0
                   3.5.7
                   3.6.5
         Assignee: Cole Greer
       Resolution: Fixed

> PRISMA security vulnerabilty for jackson-databind 2.14.0
> --------------------------------------------------------
>
>                 Key: TINKERPOP-2948
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2948
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.6.3, 3.5.6
>            Reporter: Aaron Coady
>            Assignee: Cole Greer
>            Priority: Critical
>              Labels: breaking
>             Fix For: 3.7.0, 3.5.7, 3.6.5
>
>
>  
> h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0
> [https://github.com/FasterXML/jackson-core/pull/827]
>  
> com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are 
> vulnerable to Denial of Service (DoS). The package does not properly restrict 
> the size or amount of resources that are requested or influenced by an actor, 
> which can be used to consume more resources than intended and leads to 
> Uncontrolled Resource Consumption ('Resource Exhaustion')



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0

Reply via email to