[
https://issues.apache.org/jira/browse/CURATOR-552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vladimir Pligin closed CURATOR-552.
-----------------------------------
Resolution: Fixed
already updated to 2.10.0
> Update jackson-databind dependencies
> ------------------------------------
>
> Key: CURATOR-552
> URL: https://issues.apache.org/jira/browse/CURATOR-552
> Project: Apache Curator
> Issue Type: Bug
> Components: General
> Affects Versions: 4.2.0
> Reporter: Vladimir Pligin
> Priority: Major
> Fix For: TBD
>
>
> There are some CVE reports related to 2.9.8 and 2.9.9 versions, for example:
> *
> [CVE-2019-14379|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14379]
> *
> [CVE-2019-17267|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17267]
> *
> [CVE-2019-16335|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16335]
> *
> [CVE-2019-14540|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14540]
> *
> [CVE-2019-16943|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16943]
> *
> [CVE-2019-16942|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16942]
> *
> [CVE-2019-17531|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17531]
> *
> [CVE-2019-14439|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14439]
> *
> [CVE-2019-12086|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12086]
> *
> [CVE-2019-12814|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814]
> *
> [CVE-2019-12384|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12384]
> Most of them suggest to update to the 2.9.10 version.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
