Skip to content

Multiple security vulnerabilities in jackson-databind in SDK 2.9.24 #1482

New issue
New issue
Closed
Closed
Multiple security vulnerabilities in jackson-databind in SDK 2.9.24#1482
Labels
dependenciesThis issue is a problem in a dependency.
@josephhanceslm

Description

@josephhanceslm
josephhanceslm
opened on Oct 22, 2019

Expected Behavior

The jackson-databind library version should be updated to at least 2.9.10

Current Behavior

The current version in SDK 2.9.24 is vulnerable to:

CVE-2019-17267
CVE-2019-14540
CVE-2019-14439

All are categorized as "high" severity.

Possible Solution

Upgrade to use jackson-databind 2.9.10

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependenciesThis issue is a problem in a dependency.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions