[jira] [Updated] (CASSANDRA-17556) jackson-databind 2.13.2 is vulnerable to CVE-2020-36518

Brandon Williams (Jira) Thu, 28 Apr 2022 07:13:06 -0700


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-17556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brandon Williams updated CASSANDRA-17556:
-----------------------------------------
    Status: Ready to Commit  (was: Review In Progress)

> jackson-databind 2.13.2 is vulnerable to CVE-2020-36518
> -------------------------------------------------------
>
>                 Key: CASSANDRA-17556
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17556
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Build
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 3.11.13, 4.1, 4.0.4
>
>
> Seems like it's technically possible to cause a DoS with nested json.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CASSANDRA-17556) jackson-databind 2.13.2 is vulnerable to CVE-2020-36518

Reply via email to