Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1384

Update jackson-databind to 2.13.4 due to 3rd-party vulnerability issue CVE-2022-42004

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 1.13.15, 2.4.1
    • 1.13.16, 2.5.0
    • None
    • None
    • CVE-2022-42004

    Description

      Current Situation

      The JS1 and JS7 JOC Cockpit use jackson-databind 2.13.2.1.

      A vulnerability affects this version, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004.

      We rate this vulnerability as LOW as nested arrays are not supported in the JOC api.

      Desired Behavior

      The JS1 and JS7 JOC Cockpit should use jackson-databind 2.13.4 which solves the issue.

      Attachments

        Issue Links

          relates to

          Fix - JOC-1392 Update jackson-databind to 2.13.4.1 due to 3rd-party vulnerability issue CVE-2022-42003

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Activity

            People

              sp Santiago Aucejo Petzoldt
              sp Santiago Aucejo Petzoldt
              Pratishtha Pandey Pratishtha Pandey
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: