You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Aman Raj (Jira)" <ji...@apache.org> on 2022/07/14 06:40:00 UTC

[jira] [Updated] (HIVE-26391) [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.

     [ https://issues.apache.org/jira/browse/HIVE-26391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aman Raj updated HIVE-26391:
----------------------------
    Summary: [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.  (was: [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.)

> [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-26391
>                 URL: https://issues.apache.org/jira/browse/HIVE-26391
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Aman Raj
>            Assignee: Aman Raj
>            Priority: Major
>
> jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.
> Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)