-
Bug
-
Resolution: Done
-
Medium
-
Dublin Release
-
El Alto Sprint 3
jackson-datatype is vulnerable to CVE-2017-4995. There is no non-vulnerable version of this library. Workaround is not to use default typing (see https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)
- is cloned by
-
CCSDK-1876 jackson-datatype deserialization has known vulnerability
- Closed
-
SDNC-599 CVE-2017-4995 - jackson-datatype has incomplete fix
- Closed