[jira] [Updated] (DRILL-7679) Vulnerabilities in dependency htrace-core4-4.1.0-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0)

Tue, 31 Mar 2020 11:52:40 -0700 


     [ 
https://issues.apache.org/jira/browse/DRILL-7679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Derek Lohnes updated DRILL-7679:
--------------------------------
    Description: 
Vulnerabilities in dependency htrace-core4-4.1.0-incubating.jar (shaded: 
com.fasterxml.jackson.core:jackson-databind:2.4.0)
  

Max CVSS Score: 9.8 (Critical)

Total # CVEs: 20

Note: The issue with htrace is its use of Jackson Databind.

[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.4.0]

 

  was:
[|https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.4.0]

Vulnerabilities in dependency htrace-core4-4.1.0-incubating.jar (shaded: 
com.fasterxml.jackson.core:jackson-databind:2.4.0)
  

Max CVSS Score: 9.8 (Critical)

Total # CVEs: 20

Note: The issue with htrace is its use of Jackson Databind.

[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.4.0]
 
  


> Vulnerabilities in dependency htrace-core4-4.1.0-incubating.jar (shaded: 
> com.fasterxml.jackson.core:jackson-databind:2.4.0)
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DRILL-7679
>                 URL: https://issues.apache.org/jira/browse/DRILL-7679
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.17.0
>            Reporter: Derek Lohnes
>            Priority: Major
>
> Vulnerabilities in dependency htrace-core4-4.1.0-incubating.jar (shaded: 
> com.fasterxml.jackson.core:jackson-databind:2.4.0)
>   
> Max CVSS Score: 9.8 (Critical)
> Total # CVEs: 20
> Note: The issue with htrace is its use of Jackson Databind.
> [https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.4.0]
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to