[ https://issues.apache.org/jira/browse/HADOOP-16891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Siyao Meng updated HADOOP-16891:
--------------------------------
    Description:
New [RCE|https://nvd.nist.gov/vuln/detail/CVE-2020-8840] found in jackson-databind 2.0.0 through 2.9.10.2.
Patched in 2.9.10.3. [Looks critical|https://github.com/jas502n/CVE-2020-8840/blob/master/Poc.java#L13].

After HADOOP-16882 gets in, we should backport this to those lower-version branches as well.

  was:
New RCE found in jackson-databind 2.0.0 through 2.9.10.2.
Patched in 2.9.10.3. Looks critical.

> Upgrade jackson-databind to 2.9.10.3
> ------------------------------------
>
>                 Key: HADOOP-16891
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16891
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Siyao Meng
>            Assignee: Siyao Meng
>            Priority: Blocker
>             Fix For: 3.3.0
>
>
> New [RCE|https://nvd.nist.gov/vuln/detail/CVE-2020-8840] found in
> jackson-databind 2.0.0 through 2.9.10.2.
> Patched in 2.9.10.3. [Looks
> critical|https://github.com/jas502n/CVE-2020-8840/blob/master/Poc.java#L13].
> After HADOOP-16882 gets in, we should backport this to those lower-version
> branches as well.