[
https://issues.apache.org/jira/browse/ZOOKEEPER-4628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mate Szalay-Beko resolved ZOOKEEPER-4628.
-----------------------------------------
Resolution: Duplicate
Thank you [~ivodujmovic] for reporting this issue and submitting a PR!
I see that in the meanwhile this was fixed by ZOOKEEPER-4661. (of course since
that time we had an other CVE, but I will take care of that in a separate
ticket)
> CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to
> 2.13.4.1
> -----------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-4628
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4628
> Project: ZooKeeper
> Issue Type: Task
> Components: security
> Affects Versions: 3.5.10, 3.8.0, 3.7.1
> Reporter: Ivo Dujmovic
> Priority: Critical
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Two High issues
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
> affect jackson version 2.13.3 which zk should update to 2.13.4.1
> Other projects have done this, but Zookeeper has not.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
