suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1 URL: https://github.com/apache/druid/pull/9379#issuecomment-588593937 https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062#03cb - This is a really good write up on the CVE. It looks like even if we used a vulnerable version of jackson, it would not be possible to exploit the CVE. See the section `What is Required for a Jackson-based “gadget” Exploit?`
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
