You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Ivo Dujmovic (Jira)" <ji...@apache.org> on 2022/10/24 20:03:00 UTC
[jira] [Created] (ZOOKEEPER-4628) CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to 2.13.4.1
Ivo Dujmovic created ZOOKEEPER-4628:
---------------------------------------
Summary: CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to 2.13.4.1
Key: ZOOKEEPER-4628
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4628
Project: ZooKeeper
Issue Type: Task
Components: security
Affects Versions: 3.7.1, 3.8.0, 3.5.10
Reporter: Ivo Dujmovic
Two High issues
[https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
[https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
affect jackson version 2.13.3 which zk should update to 2.13.4.1
Other projects have done this, but Zookeeper has not.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)