[jira] [Commented] (TINKERPOP-2809) High severity security vulnerability found in jackson databind

ASF GitHub Bot (Jira) Fri, 07 Oct 2022 14:55:07 -0700


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17614286#comment-17614286
 ]


ASF GitHub Bot commented on TINKERPOP-2809:
-------------------------------------------

codecov-commenter commented on PR #1824:
URL: https://github.com/apache/tinkerpop/pull/1824#issuecomment-1272114430

   # 
[Codecov](https://codecov.io/gh/apache/tinkerpop/pull/1824?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#1824](https://codecov.io/gh/apache/tinkerpop/pull/1824?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (8051f33) into 
[3.6-dev](https://codecov.io/gh/apache/tinkerpop/commit/73531f9c16f99eaa7294fbd2bbddfc52a3414765?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (73531f9) will **decrease** coverage by `5.15%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@              Coverage Diff              @@
   ##             3.6-dev    #1824      +/-   ##
   =============================================
   - Coverage      69.21%   64.06%   -5.16%     
   =============================================
     Files            875       23     -852     
     Lines          41737     3679   -38058     
     Branches        5620        0    -5620     
   =============================================
   - Hits           28889     2357   -26532     
   + Misses         10874     1154    -9720     
   + Partials        1974      168    -1806     
   ```
   
   
   | [Impacted 
Files](https://codecov.io/gh/apache/tinkerpop/pull/1824?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 | Coverage Δ | |
   |---|---|---|
   | 
[.../tinkerpop/gremlin/process/traversal/Contains.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL3RyYXZlcnNhbC9Db250YWlucy5qYXZh)
 | | |
   | 
[...p/gremlin/util/iterator/AbortiveMultiIterator.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi91dGlsL2l0ZXJhdG9yL0Fib3J0aXZlTXVsdGlJdGVyYXRvci5qYXZh)
 | | |
   | 
[...lin/process/computer/traversal/WorkerExecutor.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL2NvbXB1dGVyL3RyYXZlcnNhbC9Xb3JrZXJFeGVjdXRvci5qYXZh)
 | | |
   | 
[...inkerpop/gremlin/jsr223/AbstractGremlinPlugin.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9qc3IyMjMvQWJzdHJhY3RHcmVtbGluUGx1Z2luLmphdmE=)
 | | |
   | 
[...process/traversal/translator/PythonTranslator.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL3RyYXZlcnNhbC90cmFuc2xhdG9yL1B5dGhvblRyYW5zbGF0b3IuamF2YQ==)
 | | |
   | 
[...mlin/process/traversal/step/map/SumGlobalStep.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL3RyYXZlcnNhbC9zdGVwL21hcC9TdW1HbG9iYWxTdGVwLmphdmE=)
 | | |
   | 
[.../gremlin/process/traversal/step/filter/OrStep.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9wcm9jZXNzL3RyYXZlcnNhbC9zdGVwL2ZpbHRlci9PclN0ZXAuamF2YQ==)
 | | |
   | 
[...remlin/jsr223/console/GremlinShellEnvironment.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9qc3IyMjMvY29uc29sZS9HcmVtbGluU2hlbGxFbnZpcm9ubWVudC5qYXZh)
 | | |
   | 
[...n/structure/io/binary/types/BindingSerializer.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1jb3JlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS90aW5rZXJwb3AvZ3JlbWxpbi9zdHJ1Y3R1cmUvaW8vYmluYXJ5L3R5cGVzL0JpbmRpbmdTZXJpYWxpemVyLmphdmE=)
 | | |
   | 
[...lin/groovy/jsr223/GroovyCompilerGremlinPlugin.java](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-Z3JlbWxpbi1ncm9vdnkvc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL3RpbmtlcnBvcC9ncmVtbGluL2dyb292eS9qc3IyMjMvR3Jvb3Z5Q29tcGlsZXJHcmVtbGluUGx1Z2luLmphdmE=)
 | | |
   | ... and [842 
more](https://codecov.io/gh/apache/tinkerpop/pull/1824/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 | |
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   




> High severity security vulnerability found in jackson databind
> --------------------------------------------------------------
>
>                 Key: TINKERPOP-2809
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2809
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.6.1
>            Reporter: Aaron Coady
>            Priority: Major
>
> Two High security vulnerabilities in jackson databind. Here are the two 
> links. 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
> Fixes are in 2.14.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TINKERPOP-2809) High severity security vulnerability found in jackson databind

Reply via email to