You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Aman Raj (Jira)" <ji...@apache.org> on 2022/07/14 06:30:00 UTC

[jira] [Work started] (HIVE-26391) [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.

     [ https://issues.apache.org/jira/browse/HIVE-26391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Work on HIVE-26391 started by Aman Raj.
---------------------------------------
> [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-26391
>                 URL: https://issues.apache.org/jira/browse/HIVE-26391
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Aman Raj
>            Assignee: Aman Raj
>            Priority: Major
>
> jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.
> Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)