Details
-
Fix
-
Status: Released (View Workflow)
-
Minor
-
Resolution: Fixed
-
1.13.15, 2.4.1
-
None
-
None
-
CVE-2022-42003
Description
Current Situation
The JS1 and JS7 JOC Cockpit use jackson-databind 2.13.2.1.
A vulnerability affects this version, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003.
We rate this vulnerability as LOW as nested arrays are not supported in the JOC api.
Desired Behavior
The JS1 and JS7 JOC Cockpit should use jackson-databind 2.13.4.1 which solves the issue.
Attachments
Issue Links
- is related to
-
JOC-1384 Update jackson-databind to 2.13.4 due to 3rd-party vulnerability issue CVE-2022-42004
- Released