Posted to dev@knox.apache.org by "Akshay Kotecha Jain (Jira)" <ji...@apache.org> on 2021/06/01 17:45:00 UTC

[jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649

Akshay Kotecha Jain created KNOX-2614:
-----------------------------------------

             Summary: Upgrade Jackson due to CVE-2020-25649
                 Key: KNOX-2614
                 URL: https://issues.apache.org/jira/browse/KNOX-2614
             Project: Apache Knox
          Issue Type: Improvement
            Reporter: Akshay Kotecha Jain


A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)