[jira] [Created] (CASSANDRA-16462) Upgrade to Jackson Databind 2.9.10.8 or later fix high vulnerabilities

Fri, 19 Feb 2021 11:52:06 -0800 

Bhargav Joshi created CASSANDRA-16462:
-----------------------------------------

             Summary: Upgrade to Jackson Databind 2.9.10.8 or later fix high 
vulnerabilities 
                 Key: CASSANDRA-16462
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16462
             Project: Cassandra
          Issue Type: Improvement
            Reporter: Bhargav Joshi


There are 22 high CVEs


CVE ID | Severity | Packages | Source Package | Fixed Package Version
-- | -- | -- | -- | --
CVE-2020-24750 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.6
CVE-2020-24616 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.6
CVE-2020-14195 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.5
CVE-2020-14062 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.5
CVE-2020-14061 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.5
CVE-2020-14060 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.5
CVE-2020-35491 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-35490 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-35728 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2021-20190 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.7
CVE-2020-25649 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.10.5.1, 2.9.10.7, 2.6.7.4
CVE-2020-36187 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36188 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36189 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36186 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36185 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36183 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36184 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36182 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36179 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36180 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8
CVE-2020-36181 | high | com.fasterxml.jackson.core_jackson-databind | 2.9.10.4 
| fixed in 2.9.10.8



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to