[jira] [Updated] (HIVE-26391) [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.

Aman Raj (Jira) Wed, 13 Jul 2022 23:40:06 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-26391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Aman Raj updated HIVE-26391:
----------------------------
    Summary: [CVE-2020-36518] Upgrade 
com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the 
vulnerability.  (was: [CVE-2020-36518] Upgrade 
com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 to fix the 
vulnerability.)

> [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 
> 2.13.0 to 2.13.2.1+ to fix the vulnerability.
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-26391
>                 URL: https://issues.apache.org/jira/browse/HIVE-26391
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Aman Raj
>            Assignee: Aman Raj
>            Priority: Major
>
> jackson-databind is a data-binding package for the Jackson Data Processor. 
> jackson-databind allows a Java stack overflow exception and denial of service 
> via a large depth of nested objects.
> Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1 
> to fix the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HIVE-26391) [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.

Reply via email to