Posted to commits@cassandra.apache.org by "Brandon Williams (Jira)" <ji...@apache.org> on 2021/03/01 20:57:00 UTC

[jira] [Commented] (CASSANDRA-16462) Upgrade to Jackson Databind 2.9.10.8 or later fix high vulnerabilities

    [ https://issues.apache.org/jira/browse/CASSANDRA-16462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17293168#comment-17293168 ] 

Brandon Williams commented on CASSANDRA-16462:
----------------------------------------------

||Patch|CI||
|[3.11|https://github.com/driftx/cassandra/tree/CASSANDRA-16142-3.11]|[!https://ci-cassandra.apache.org/job/Cassandra-devbranch/434/badge/icon!|https://ci-cassandra.apache.org/blue/organizations/jenkins/Cassandra-devbranch/detail/Cassandra-devbranch/434/pipeline]|
|[trunk|https://github.com/driftx/cassandra/tree/CASSANDRA-16142]|[!https://ci-cassandra.apache.org/job/Cassandra-devbranch/436/badge/icon!|https://ci-cassandra.apache.org/blue/organizations/jenkins/Cassandra-devbranch/detail/Cassandra-devbranch/436/pipeline]|

Ignore my branch names as they are typo'd.

> Upgrade to Jackson Databind 2.9.10.8 or later fix high vulnerabilities 
> -----------------------------------------------------------------------
>
>                 Key: CASSANDRA-16462
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16462
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Dependencies
>            Reporter: Bhargav Joshi
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.11.x, 4.0-rc
>
>
> There are 22 high CVEs
> CVE ID | Severity | Packages | Source Package | Fixed Package Version
> -- | -- | -- | -- | --
> CVE-2020-24750 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.6
> CVE-2020-24616 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.6
> CVE-2020-14195 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-14062 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-14061 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-14060 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-35491 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-35490 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-35728 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2021-20190 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.7
> CVE-2020-25649 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.10.5.1, 2.9.10.7, 2.6.7.4
> CVE-2020-36187 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36188 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36189 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36186 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36185 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36183 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36184 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36182 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36179 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36180 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36181 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8


