Uploaded image for project: 'Common Controller SDK'
  1. Common Controller SDK
  2. CCSDK-970

CVE-2017-4995 - jackson-datatype has incomplete fix

    XMLWordPrintable

    Details

      Description

      jackson-datatype is vulnerable to CVE-2017-4995.  There is no non-vulnerable version of this library.  Workaround is not to use default typing (see https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              djtimoney Dan Timoney
              Reporter:
              djtimoney Dan Timoney
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: