You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Akshay Kotecha Jain (Jira)" <ji...@apache.org> on 2021/06/01 17:45:00 UTC
[jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649
Akshay Kotecha Jain created KNOX-2614:
-----------------------------------------
Summary: Upgrade Jackson due to CVE-2020-25649
Key: KNOX-2614
URL: https://issues.apache.org/jira/browse/KNOX-2614
Project: Apache Knox
Issue Type: Improvement
Reporter: Akshay Kotecha Jain
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)