[
https://issues.apache.org/jira/browse/TINKERPOP-2728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen Mallette updated TINKERPOP-2728:
----------------------------------------
Component/s: io
> jackson-databind high security issue identified
> -----------------------------------------------
>
> Key: TINKERPOP-2728
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2728
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
> Affects Versions: 3.5.2
> Reporter: Aaron Coady
> Priority: Major
>
> A high severity vulnerability has been logged against jackson-databind. Below
> is the summary and link to the vulnerability. I see this is already resolved
> in issue 2678 for 3.6.0
> [https://issues.apache.org/jira/projects/TINKERPOP/issues/TINKERPOP-2678]
> Is this also included in 3.5.3? Do you have an ETA on when this would release?
> Thanks for all your help.
>
> +Vulnerability information:+
> jackson-databind before 2.13.0 allows a Java StackOverflow exception and
> denial of service via a large depth of nested objects.
> [https://nvd.nist.gov/vuln/detail/CVE-2020-36518]
>