Ragul created CXF-8779:
--------------------------
Summary: Vulnerabilities from dependencies - jackson-databind & commons-text
Key: CXF-8779
URL: https://issues.apache.org/jira/browse/CXF-8779
Project: CXF
Issue Type: Bug
Reporter: Ragul
Version 1.11.1 of avro-compiler contains the vulnerable Apache commons-text library (1.9) and jackson-databind (2.12.7).
Vulnerabilities from dependencies:
[CVE-2022-42889|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889]
[CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004]
[CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003]
Is there any plan to upgrade the dependency and address this issue?