[ https://issues.apache.org/jira/browse/GEODE-10432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexander Murmann updated GEODE-10432:
--------------------------------------
    Labels: needsTriage  (was: )

> Jackson-databind 2.13.2.2 has security vulnerabilities. Recommend upgrade to 2.13.4.2.
> --------------------------------------------------------------------------------------
>
>                 Key: GEODE-10432
>                 URL: https://issues.apache.org/jira/browse/GEODE-10432
>             Project: Geode
>          Issue Type: Bug
>    Affects Versions: 1.15.0
>            Reporter: Alastair
>            Priority: Major
>              Labels: needsTriage
>
> In Geode 1.15.0, Jackson-databind 2.13.2.2 has known security vulnerabilities. These issues are both fixed in 2.13.4.2.
>
> |HIGH|CVE-2022-42004 (BDSA-2022-2768) [CVE-2022-42004 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2022-42004]|Jackson Databind Vulnerable to Denial-of-Service (DoS) via Resource Exhaustion in 'BeanDeserializer' Component|Fixed in 2.13.4|
> |HIGH|CVE-2022-42003 (BDSA-2022-2765) [CVE-2022-42003 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2022-42003]|Jackson Databind Vulnerable to Denial-of-Service (DoS) via Resource Exhaustion in Primitive Value Deserializers|Fixed in 2.13.4.2|

--
This message was sent by Atlassian Jira
(v8.20.10#820010)