Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69895

Jackson-databind 2.13.1 affected by CVE -2022-42003;42004

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • allure-plugin
    • None

      The latest bump of jackson-databind was to 2.13.1.
      This version is currently affected by two CVEs:

      https://nvd.nist.gov/vuln/detail/CVE-2022-42003

      https://nvd.nist.gov/vuln/detail/CVE-2022-42004

       

      Since release 2.13.4 jackson-databind is no longer affected by the CVE-2022-42004.

            eroshenkoam Artem Eroshenko
            sandraantunes Sandra Antunes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: