Posted to commits@cassandra.apache.org by "Brandon Williams (Jira)" <ji...@apache.org> on 2021/02/19 20:02:00 UTC
[jira] [Updated] (CASSANDRA-16462) Upgrade to Jackson Databind 2.9.10.8 or later fix high vulnerabilities
[ https://issues.apache.org/jira/browse/CASSANDRA-16462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams updated CASSANDRA-16462:
-----------------------------------------
Fix Version/s: 4.0-rc, 3.11.x
> Upgrade to Jackson Databind 2.9.10.8 or later fix high vulnerabilities
> -----------------------------------------------------------------------
>
> Key: CASSANDRA-16462
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16462
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Bhargav Joshi
> Priority: Normal
> Fix For: 3.11.x, 4.0-rc
>
>
> There are 22 high CVEs
> CVE ID | Severity | Packages | Source Package | Fixed Package Version
> -- | -- | -- | -- | --
> CVE-2020-24750 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.6
> CVE-2020-24616 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.6
> CVE-2020-14195 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-14062 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-14061 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-14060 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.5
> CVE-2020-35491 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-35490 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-35728 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2021-20190 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.7
> CVE-2020-25649 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.10.5.1, 2.9.10.7, 2.6.7.4
> CVE-2020-36187 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36188 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36189 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36186 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36185 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36183 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36184 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36182 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36179 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36180 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8
> CVE-2020-36181 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 | fixed in 2.9.10.8