[JOC-1176] Update jackson databind 2.9.10.7 to 2.9.10.8 due to 3rd party vulnerability issue CVE-2020-36186 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 2.1.1
Component/s: JOC Cockpit Web Service
Labels:
None

CVE-ID:
CVE-2020-36186

Description

Current Situation

Currently JS7 components use jackson databind version 2.9.10.7
a vulnerability affect this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186

Desired Behavior

Due to a vulnerability Issue of older jackson databind releases JS7 components should use the current version 2.9.10.8 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Kanika Agrawal (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22 November 2021 14:00

Updated:: 29 November 2021 14:53

Resolved:: 22 November 2021 14:29