You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@eventmesh.apache.org by GitBox <gi...@apache.org> on 2022/04/06 02:47:58 UTC

[GitHub] [incubator-eventmesh] xwm1992 opened a new issue, #822: [Bug] upgrade jackson-databind because current version brings the CVEs

xwm1992 opened a new issue, #822:
URL: https://github.com/apache/incubator-eventmesh/issues/822

   ### Search before asking
   
   - [X] I had searched in the [issues](https://github.com/apache/eventmesh/issues?q=is%3Aissue) and found no similar issues.
   
   
   ### Environment
   
   Window
   
   ### EventMesh version
   
   master
   
   ### What happened
   
   jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
   
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
   
   ### How to reproduce
   
   N/A
   
   ### Debug logs
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org

[GitHub] [incubator-eventmesh] xwm1992 closed issue #822: [Bug] upgrade jackson-databind because current version brings the CVEs

Posted by GitBox <gi...@apache.org>.

xwm1992 closed issue #822: [Bug] upgrade jackson-databind because current version brings the CVEs
URL: https://github.com/apache/incubator-eventmesh/issues/822


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@eventmesh.apache.org
For additional commands, e-mail: dev-help@eventmesh.apache.org