You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Mohammad Arshad (Jira)" <ji...@apache.org> on 2022/03/31 18:25:00 UTC
[jira] [Resolved] (ZOOKEEPER-4505) CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mohammad Arshad resolved ZOOKEEPER-4505.
----------------------------------------
Fix Version/s: 3.9.0
3.7.1
3.6.4
3.8.1
Resolution: Fixed
Issue resolved by pull request 1846
[https://github.com/apache/zookeeper/pull/1846]
> CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
> -----------------------------------------------------
>
> Key: ZOOKEEPER-4505
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4505
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Edwin Hobor
> Priority: Major
> Labels: pull-request-available, security
> Fix For: 3.9.0, 3.7.1, 3.6.4, 3.8.1
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> *CVE-2020-36518* vulnerability affects jackson-databind in Zookeeper (see [https://github.com/advisories/GHSA-57j2-w4cx-62h2]).
> Upgrading to jackson-databind version *2.13.2.1* should address this issue.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)