[jira] [Updated] (CASSANDRA-20093) jackson-databind2.13.2.2 still exists in apache-cassandra-5.0.2

Brandon Williams (Jira) Wed, 20 Nov 2024 14:00:22 -0800


     [ 
https://issues.apache.org/jira/browse/CASSANDRA-20093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brandon Williams updated CASSANDRA-20093:
-----------------------------------------
    Resolution: Duplicate
        Status: Resolved  (was: Triage Needed)

CVE-2022-42004 was CASSANDRA-17966 and CVE-2023-35116 was CASSANDRA-18630

> jackson-databind2.13.2.2 still exists in apache-cassandra-5.0.2
> ---------------------------------------------------------------
>
>                 Key: CASSANDRA-20093
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20093
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Kapil Shewate
>            Priority: Urgent
>
> Component name - jackson-databind
> Component version name - 2.13.2.2
> CVE-2022-42004 - 7.5
> CVE-2023-35116 - 4.7
> Archive Context and Path
> apache-cassandra-5.0.2/lib/jackson-databind-2.13.2.2.jar
>  
> Above CVE's are still applicable for the jackson-databind2.13.2.2 in 
> apache-cassandra-5.0.2
> CVSS score is 7.5 High



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CASSANDRA-20093) jackson-databind2.13.2.2 still exists in apache-cassandra-5.0.2

Reply via email to