You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@zookeeper.apache.org by "Edwin Hobor (Jira)" <ji...@apache.org> on 2022/03/29 12:56:00 UTC

[jira] [Commented] (ZOOKEEPER-4505) CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17514071#comment-17514071 ] 

Edwin Hobor commented on ZOOKEEPER-4505:
----------------------------------------

https://github.com/apache/zookeeper/pull/1842

> CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
> -----------------------------------------------------
>
>                 Key: ZOOKEEPER-4505
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4505
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: Edwin Hobor
>            Priority: Major
>              Labels: pull-request-available, security
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> *CVE-2020-36518* vulnerability affects jackson-databind in Zookeeper (see [https://github.com/advisories/GHSA-57j2-w4cx-62h2]).
> Upgrading to jackson-databind version *2.13.2.1* should address this issue.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)