  1. folio-service-tools
  2. FST-24

jackson-databind 2.13.2.1 Denial of Service (CVE-2020-36518)

Details

    • Core: Platform
    • TBD

    Description

      Upgrade RMB, Vert.x, mod-configuration-client and Wiremock to indirectly upgrade jackson-databind from 2.13.1 to 2.13.2.1, fixing a Denial of Service (DoS) vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518

      Upgrade log4j from 2.17.1 to 2.17.2 because the maintainers recommend it: https://logging.apache.org/log4j/2.x/

            People

              julianladisch Julian Ladisch