[JOC-1532] Update jackson-databind to 2.14.2 due to 3rd-party vulnerability issue CVE-2022-42003 - SOS JIRA

XML

Word

Printable

Details

Type: Feature
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.18
Fix Version/s: 1.13.19
Component/s: JOC Cockpit Web Service
Labels:
None

CVE-ID:
CVE-2022-42003

Description

Current Situation

JS1 uses jackson-databind 2.13.4.1.
A vulnerability affects this version, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003.
We rate this vulnerability as LOW as nested arrays are not supported.

Desired Behavior
The JS1 and JS7 JOC Cockpit should use jackson-databind 2.14.2 which solves the issue.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Ajay Kumbhkar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03 April 2023 06:14

Updated:: 11 July 2023 16:18

Resolved:: 03 April 2023 07:46