Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Medium
Fix Version/s: El Alto Release
Affects Version/s: Dublin Release
Component/s: apps, distribution
Labels:
- Security

Epic Link:
Security Fixes - El Alto
Sprint:
El Alto Sprint 3

jackson-datatype is vulnerable to CVE-2017-4995. There is no non-vulnerable version of this library. Workaround is not to use default typing (see https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)

is cloned by

CCSDK-1876 jackson-datatype deserialization has known vulnerability

Closed

SDNC-599 CVE-2017-4995 - jackson-datatype has incomplete fix

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

Assignee:: Dan Timoney

Reporter:: Dan Timoney

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 21/Jan/19 2:44 PM

Updated:: 30/Oct/19 12:46 PM

Resolved:: 04/Sep/19 4:24 PM