Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
P3
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 1.2.0
-
Labels:
-
Template:customfield_11100 22389
-
Sprint:EPAM BatchLoader Sprint 7
-
Story Points:0.5
-
Development Team:Folijet
-
Epic Link:
Description
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.8 or later. For example:
<dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>[2.9.8,)</version> </dependency>
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2018-19360 [More information](https://nvd.nist.gov/vuln/detail/CVE-2018-19360)
high severity
*Vulnerable versions:* >= 2.9.0, < 2.9.8
*Patched version:* 2.9.8
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-19362 [More information](https://nvd.nist.gov/vuln/detail/CVE-2018-19362)
high severity
*Vulnerable versions:* >= 2.9.0, < 2.9.8
*Patched version:* 2.9.8
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-19361 [More information](https://nvd.nist.gov/vuln/detail/CVE-2018-19361)
high severity
*Vulnerable versions:* >= 2.9.0, < 2.9.8
*Patched version:* 2.9.8
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
TestRail: Results
Attachments
Issue Links
- blocks
-
FOLIO-1682 Security vulnerability reported in jackson-databind >= 2.9.0, < 2.9.8
-
- Closed
-
- relates to
-
UXPROD-656 Data Import (Batch Importer for Bib Acq) Infrastructure and Planning
-
- Closed
-