[ https://issues.apache.org/jira/browse/TOMEE-4290?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17796045#comment-17796045 ]
Richard Zowalla commented on TOMEE-4290:
----------------------------------------
NOTE: the vendor's perspective is that this is not a valid vulnerability
report, because the steps of constructing a cyclic data structure and trying to
serialize it cannot be achieved by an external attacker. (copied from the link)
> Jackson 2.16.0
> --------------
>
> Key: TOMEE-4290
> URL: https://issues.apache.org/jira/browse/TOMEE-4290
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
> Affects Versions: 8.0.16, 9.1.1
> Reporter: RAJU THANNEERU
> Priority: Major
>
> [NVD - CVE-2023-35116 (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2023-35116]