[
https://issues.apache.org/jira/browse/SPARK-40782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834801#comment-17834801
]
Ramakrishna commented on SPARK-40782:
-------------------------------------
Hi this seems to be an issue still as transitive dependency in hadoop
│ com.fasterxml.jackson.core:jackson-databind │ CVE-2022-42003
│ HIGH │ fixed │ 2.12.7 │ 2.12.7.1, 2.13.4.2
│ jackson-databind: deep wrapper array nesting wrt │
│ (org.apache.hadoop_hadoop-client-runtime-3.3.4.jar)
Is thrre a fix for this ?
> Upgrade Jackson-databind to 2.13.4.1
> ------------------------------------
>
> Key: SPARK-40782
> URL: https://issues.apache.org/jira/browse/SPARK-40782
> Project: Spark
> Issue Type: Improvement
> Components: Build
> Affects Versions: 3.4.0
> Reporter: Yang Jie
> Assignee: Yang Jie
> Priority: Minor
> Fix For: 3.3.1, 3.4.0
>
>
> #3590: Add check in primitive value deserializers to avoid deep wrapper array
> nesting wrt `UNWRAP_SINGLE_VALUE_ARRAYS` [CVE-2022-42003]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
