You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2022/10/27 13:07:00 UTC

[jira] [Closed] (CXF-8779) Vulnerabilities from dependencies - jackson-databind & commons-text

     [ https://issues.apache.org/jira/browse/CXF-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed CXF-8779.
------------------------------------
    Resolution: Not A Problem

> Vulnerabilities from dependencies - jackson-databind & commons-text
> -------------------------------------------------------------------
>
>                 Key: CXF-8779
>                 URL: https://issues.apache.org/jira/browse/CXF-8779
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Ragul
>            Priority: Critical
>
> Version 1.11.1 of avro-compiler contains the apache commons-text vulnerable library (1.9)  & 
> Jackson-databind (2.12.7)
>  
> Vulnerabilities from dependencies:
> [CVE-2022-42889|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889]
> [CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004]
> [CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003]
>  
> Is there any plan to upgrade dependency and address this issue?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)