You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Derek Lohnes (Jira)" <ji...@apache.org> on 2020/03/31 18:49:00 UTC

[jira] [Created] (DRILL-7681) Vulnerability in dependency jackson-mapper-asl-1.9.13.jar

Derek Lohnes created DRILL-7681:
-----------------------------------

             Summary: Vulnerability in dependency jackson-mapper-asl-1.9.13.jar
                 Key: DRILL-7681
                 URL: https://issues.apache.org/jira/browse/DRILL-7681
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.17.0
            Reporter: Derek Lohnes


Vulnerability in dependency jackson-mapper-asl-1.9.13.jar



Max CVSS: 7.5 (High)

Total # CVEs: 1

Note: This is the last release of jackson-mapper-asl before it was moved / renamed to jackson-databind from 2013. While there is only one known CVE, the fix for that is to upgrade to jackson-databind. It is likely many of the same issue impacting databind impact mapper as well.

[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-mapper-asl&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-mapper-asl%3A1.9.13]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)