[ https://issues.apache.org/jira/browse/SPARK-34124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean R. Owen resolved SPARK-34124.
----------------------------------
    Resolution: Won't Fix

> Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4
> ----------------------------------------------------------
>
>                 Key: SPARK-34124
>                 URL: https://issues.apache.org/jira/browse/SPARK-34124
>             Project: Spark
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 2.4.7
>            Reporter: Yang Jie
>            Priority: Minor
>
>  
> {code:java}
> FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction 
> between serialization gadgets and typing, related to 
> oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.{code}
>  
> [CVE-2020-36179|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179]
> Spark 2.4.7 is still using Jackson 2.6.7.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)