Jackson-databind 2.13.1 affected by CVE -2022-42003;42004

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • Component/s: allure-plugin
    • None

      The latest bump of jackson-databind was to 2.13.1.
      This version is currently affected by two CVEs:

      https://nvd.nist.gov/vuln/detail/CVE-2022-42003

      https://nvd.nist.gov/vuln/detail/CVE-2022-42004

       

      Since release 2.13.4 jackson-databind is no longer affected by the CVE-2022-42004.

            Assignee:
            Artem Eroshenko
            Reporter:
            Sandra Antunes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: