[jira] [Updated] (CASSANDRA-20093) jackson-databind2.13.2.2 still exists in apache-cassandra-5.0.2

Wed, 20 Nov 2024 05:44:24 -0800 


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-20093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kapil Shewate updated CASSANDRA-20093:
--------------------------------------
        Impacts: Security  (was: None)
       Severity: Critical
    Description: 
Component name - jackson-databind
Component version name - 2.13.2.2
CVE-2022-42004 - 7.5
CVE-2023-35116 - 4.7

Archive Context and Path
apache-cassandra-5.0.2/lib/jackson-databind-2.13.2.2.jar

 

Above CVE's are still applicable for the jackson-databind2.13.2.2 in 
apache-cassandra-5.0.2

CVSS score is 7.5 High

  was:
Component name - jackson-databind
Component version name - 2.13.2.2
CVE-2022-42004 - 7.5
CVE-2023-35116 - 4.7

Archive Context and Path
apache-cassandra-5.0.2/lib/jackson-databind-2.13.2.2.jar

 

Above CVE's are still applicable for the jackson-databind2.13.2.2 in 
apache-cassandra-5.0.2


> jackson-databind2.13.2.2 still exists in apache-cassandra-5.0.2
> ---------------------------------------------------------------
>
>                 Key: CASSANDRA-20093
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20093
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Kapil Shewate
>            Priority: Urgent
>
> Component name - jackson-databind
> Component version name - 2.13.2.2
> CVE-2022-42004 - 7.5
> CVE-2023-35116 - 4.7
> Archive Context and Path
> apache-cassandra-5.0.2/lib/jackson-databind-2.13.2.2.jar
>  
> Above CVE's are still applicable for the jackson-databind2.13.2.2 in 
> apache-cassandra-5.0.2
> CVSS score is 7.5 High



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to