You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Aman Raj (Jira)" <ji...@apache.org> on 2022/07/14 06:40:00 UTC
[jira] [Updated] (HIVE-26391) [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.
[ https://issues.apache.org/jira/browse/HIVE-26391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aman Raj updated HIVE-26391:
----------------------------
Summary: [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability. (was: [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.)
> [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-26391
> URL: https://issues.apache.org/jira/browse/HIVE-26391
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Reporter: Aman Raj
> Assignee: Aman Raj
> Priority: Major
>
> jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.
> Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)