You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/02/20 03:40:53 UTC

[GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1

suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1
URL: https://github.com/apache/druid/pull/9379#issuecomment-588593937
 
 
   https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062#03cb - This is a really good write up on the CVE.
   
   It looks like even if we used a vulnerable version of jackson, it would not be possible to exploit the CVE. See the section `What is Required for a Jackson-based “gadget” Exploit?`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org