[jira] [Resolved] (TIKA-3923) Vulnerable "jackson-databind : 2.13.3" is present in tika-app 2.4.1

Tim Allison (Jira) Wed, 09 Nov 2022 09:23:05 -0800


     [ 
https://issues.apache.org/jira/browse/TIKA-3923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tim Allison resolved TIKA-3923.
-------------------------------
    Resolution: Not A Problem

Please upgrade to Tika 2.6.0, which uses jackson-databind 2.13.4.2

> Vulnerable "jackson-databind : 2.13.3" is present in tika-app 2.4.1
> -------------------------------------------------------------------
>
>                 Key: TIKA-3923
>                 URL: https://issues.apache.org/jira/browse/TIKA-3923
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Major
>
> [7.5] [CVE-2022-42003] [jackson-databind] [2.13.3] [remedy_platform]
> [7.5] [CVE-2022-42004] [jackson-databind] [2.13.3] [remedy_platform]
> We can see that jackson-databind with version 2.13.3 is present in tika-app 
> 2.4.1 jar. We can see that latest jackson-databind with version 2.14.0 is not 
> vulnerable.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (TIKA-3923) Vulnerable "jackson-databind : 2.13.3" is present in tika-app 2.4.1

Reply via email to