You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@zookeeper.apache.org by "Ivo Dujmovic (Jira)" <ji...@apache.org> on 2022/10/24 20:03:00 UTC

[jira] [Created] (ZOOKEEPER-4628) CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to 2.13.4.1

Ivo Dujmovic created ZOOKEEPER-4628:
---------------------------------------

             Summary: CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to 2.13.4.1
                 Key: ZOOKEEPER-4628
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4628
             Project: ZooKeeper
          Issue Type: Task
          Components: security
    Affects Versions: 3.7.1, 3.8.0, 3.5.10
            Reporter: Ivo Dujmovic


Two High issues 

[https://nvd.nist.gov/vuln/detail/CVE-2022-42003]

[https://nvd.nist.gov/vuln/detail/CVE-2022-42004]

affect jackson version 2.13.3 which zk should update to 2.13.4.1 

Other projects have done this, but Zookeeper has not.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)