Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69894

Jackson-databind 2.13.2.2 affected by CVE -2022-42003;42004

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • jackson2-api-plugin
    • None

      The latest bump of jackson2-api was to version 2.13.2.20220328-273.v11d70a_b_a_1a_52.
      This version is currently affected by two CVEs:

      https://nvd.nist.gov/vuln/detail/CVE-2022-42003

      https://nvd.nist.gov/vuln/detail/CVE-2022-42004

       

      Since release 2.13.4 jackson2-api is no longer affected by the CVE-2022-42004.

       

       

            Unassigned Unassigned
            sandraantunes Sandra Antunes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: