Aaron Coady created TINKERPOP-2728:
--------------------------------------

             Summary: jackson-databind high security issue identified
                 Key: TINKERPOP-2728
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2728
             Project: TinkerPop
          Issue Type: Improvement
            Reporter: Aaron Coady


A high severity vulnerability has been logged against jackson-databind. Below 
is the summary and link to the vulnerability. I see this is already resolved in 
issue 2678 for 3.6.0:
[https://issues.apache.org/jira/projects/TINKERPOP/issues/TINKERPOP-2678]

Is this also included in 3.5.3? Do you have an ETA on when this would release?

Thanks for all your help.

+Vulnerability information:+
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial 
of service via a large depth of nested objects.

[https://nvd.nist.gov/vuln/detail/CVE-2020-36518]

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
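
Where the upgraded dependency cannot be picked up right away, a nesting-depth pre-check in front of data binding bounds the condition named in the vulnerability summary above. This is an added example, not code from TinkerPop or from the ticket; the class name, `withinDepth` and `MAX_DEPTH` are hypothetical, and it assumes the unshaded jackson-core streaming API on the classpath and Java 11 or later.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import java.io.IOException;

public class NestingDepthGuard {
    // Hypothetical limit: set it just above the deepest legitimate payload.
    static final int MAX_DEPTH = 100;
    private static final JsonFactory FACTORY = new JsonFactory();

    /**
     * Walks the token stream without building a tree and returns false as
     * soon as object/array nesting exceeds maxDepth. The loop is iterative,
     * so the check does not recurse once per nesting level.
     * Malformed input surfaces as an IOException; callers should reject it.
     */
    static boolean withinDepth(String json, int maxDepth) throws IOException {
        try (JsonParser parser = FACTORY.createParser(json)) {
            int depth = 0;
            JsonToken token;
            while ((token = parser.nextToken()) != null) {
                if (token == JsonToken.START_OBJECT || token == JsonToken.START_ARRAY) {
                    if (++depth > maxDepth) {
                        return false; // stop early, never read the full input
                    }
                } else if (token == JsonToken.END_OBJECT || token == JsonToken.END_ARRAY) {
                    depth--;
                }
            }
            return true;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: one ordinary document, one deeply nested one.
        String shallow = "{\"a\":{\"b\":[1,2,{\"c\":true}]}}";
        String deep = "[".repeat(5000) + "]".repeat(5000);

        for (String doc : new String[] {shallow, deep}) {
            // Only hand the document to ObjectMapper when this prints true.
            System.out.println(doc.length() + " chars, accepted: "
                    + withinDepth(doc, MAX_DEPTH));
        }
    }
}
```

The guard is an interim control at the input boundary; it does not replace moving to a release that carries the fixed jackson-databind.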
