[jira] [Updated] (TIKA-3923) Vulnerable "jackson-databind : 2.13.3" is present in tika-app 2.4.1

Wed, 09 Nov 2022 08:59:06 -0800 


     [ 
https://issues.apache.org/jira/browse/TIKA-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aman Mishra updated TIKA-3923:
------------------------------
    Description: 
[7.5] [CVE-2022-42003] [jackson-databind] [2.13.3] [remedy_platform]

[7.5] [CVE-2022-42004] [jackson-databind] [2.13.3] [remedy_platform]

We can see that jackson-databind with version 2.13.3 is present in tika-app 
2.4.1 jar. We can see that latest jackson-databind with version 2.14.0 is not 
vulnerable.

 

  was:
[7.5] [CVE-2022-42003] [jackson-databind] [2.13.3] [remedy_platform]

We can see that jackson-databind with version 2.13.3 is present in tika-app 
2.4.1 jar. We can see that latest jackson-databind with version 2.14.0 is not 
vulnerable.

 


> Vulnerable "jackson-databind : 2.13.3" is present in tika-app 2.4.1
> -------------------------------------------------------------------
>
>                 Key: TIKA-3923
>                 URL: https://issues.apache.org/jira/browse/TIKA-3923
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Major
>
> [7.5] [CVE-2022-42003] [jackson-databind] [2.13.3] [remedy_platform]
> [7.5] [CVE-2022-42004] [jackson-databind] [2.13.3] [remedy_platform]
> We can see that jackson-databind with version 2.13.3 is present in tika-app 
> 2.4.1 jar. We can see that latest jackson-databind with version 2.14.0 is not 
> vulnerable.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to