Uploaded image for project: 'Network Controller'
  1. Network Controller
  2. SDNC-599

CVE-2017-4995 - jackson-datatype has incomplete fix

XMLWordPrintable

    • SDNC Dublin Spr 3 3/11 - 3/29, SDNC Fr Sp2:11/23-12/13

      jackson-datatype is vulnerable to CVE-2017-4995.  There is no non-vulnerable version of this library.  Workaround is not to use default typing (see https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization)

            Unassigned Unassigned
            djtimoney Dan Timoney
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: