[jira] [Work logged] (HIVE-26391) [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ to fix the vulnerability.

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-26391?focusedWorklogId=791058&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-791058
 ]

ASF GitHub Bot logged work on HIVE-26391:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 14/Jul/22 17:06
            Start Date: 14/Jul/22 17:06
    Worklog Time Spent: 10m 
      Work Description: amanraj2520 commented on PR #3440:
URL: https://github.com/apache/hive/pull/3440#issuecomment-1184682208

   Hi @ayushtkn Makes sense




Issue Time Tracking
-------------------

    Worklog Id:     (was: 791058)
    Time Spent: 0.5h  (was: 20m)

> [CVE-2020-36518] Upgrade com.fasterxml.jackson.core:jackson-databind from 
> 2.13.0 to 2.13.2.1+ to fix the vulnerability.
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-26391
>                 URL: https://issues.apache.org/jira/browse/HIVE-26391
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>            Reporter: Aman Raj
>            Assignee: Aman Raj
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> jackson-databind is a data-binding package for the Jackson Data Processor. 
> jackson-databind allows a Java stack overflow exception and denial of service 
> via a large depth of nested objects.
> Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.0 to 2.13.2.1+ 
> to fix the vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)