[ https://issues.apache.org/jira/browse/HIVE-28073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Denys Kuzmenko updated HIVE-28073: ---------------------------------- Fix Version/s: 4.0.0 (was: 4.1.0) > Upgrade jackson version to 2.16.1 > --------------------------------- > > Key: HIVE-28073 > URL: https://issues.apache.org/jira/browse/HIVE-28073 > Project: Hive > Issue Type: Bug > Reporter: Araika Singh > Assignee: Araika Singh > Priority: Major > Labels: pull-request-available > Fix For: 4.0.0 > > > Jackson-databind through 2.15.2 allows attackers to cause a denial of service > or other unspecified impact via a crafted object that uses cyclic > dependencies. > [https://nvd.nist.gov/vuln/detail/CVE-2023-35116] > https://github.com/FasterXML/jackson-databind/issues/3972 -- This message was sent by Atlassian Jira (v8.20.10#820010)