You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Tigran Mardanyan (Jira)" <ji...@apache.org> on 2020/09/01 09:00:11 UTC
[jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5
is affected by CVE-2019-10712 or not ?
[ https://issues.apache.org/jira/browse/CASSANDRA-15701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17188281#comment-17188281 ]
Tigran Mardanyan commented on CASSANDRA-15701:
----------------------------------------------
Sorry guys, but my security scanners warn about this as well. It seems Apache Cassandra is not affected but need confirmation from you experts.
If this is not correct place to talk about this issue, please direct me to the correct platform where I can ask for impact analyze.
Any updated on this much appreciated.
> Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-15701
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15701
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: wht
> Priority: Normal
>
> Because cassandra 3.11.3/3.11.5 rely on jackson-mapper-asl-1.9.13.jar which has been reported a vulnerability CVE-2019-10172, [https://nvd.nist.gov/vuln/detail/CVE-2019-10172], so I want to know if it has an impact to cassandra. Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org