[jira] [Commented] (TINKERPOP-2948) PRISMA security vulnerabilty for jackson-databind 2.14.0

Wed, 10 May 2023 13:45:06 -0700 


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721547#comment-17721547
 ] 

ASF GitHub Bot commented on TINKERPOP-2948:
-------------------------------------------

codecov-commenter commented on PR #2061:
URL: https://github.com/apache/tinkerpop/pull/2061#issuecomment-1542785683

   ## 
[Codecov](https://app.codecov.io/gh/apache/tinkerpop/pull/2061?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 Report
   > Merging 
[#2061](https://app.codecov.io/gh/apache/tinkerpop/pull/2061?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (311cd8d) into 
[3.5-dev](https://app.codecov.io/gh/apache/tinkerpop/commit/2ee47f203ffa76b9c0c466bd8ba291010afdd831?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
 (2ee47f2) will **decrease** coverage by `5.14%`.
   > The diff coverage is `n/a`.
   
   ```diff
   @@              Coverage Diff              @@
   ##             3.5-dev    #2061      +/-   ##
   =============================================
   - Coverage      69.38%   64.24%   -5.14%     
   =============================================
     Files            866       25     -841     
     Lines          41251     3759   -37492     
     Branches        5442        0    -5442     
   =============================================
   - Hits           28621     2415   -26206     
   + Misses         10719     1166    -9553     
   + Partials        1911      178    -1733     
   ```
   
   
   [see 841 files with indirect coverage 
changes](https://app.codecov.io/gh/apache/tinkerpop/pull/2061/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   
   :mega: We’re building smart automated test selection to slash your CI/CD 
build times. [Learn 
more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
   




> PRISMA security vulnerabilty for jackson-databind 2.14.0
> --------------------------------------------------------
>
>                 Key: TINKERPOP-2948
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2948
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.6.3, 3.5.6
>            Reporter: Aaron Coady
>            Priority: Major
>
>  
> h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0
> [https://github.com/FasterXML/jackson-core/pull/827]
>  
> com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are 
> vulnerable to Denial of Service (DoS). The package does not properly restrict 
> the size or amount of resources that are requested or influenced by an actor, 
> which can be used to consume more resources than intended and leads to 
> Uncontrolled Resource Consumption ('Resource Exhaustion')



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to