[SET-197] FasterXML jackson-databind 2.9.10.4 to 2.9.10.5 due to 3rd party vulnerabilities CVE-2020-14195, CVE-2020-14062, CVE-2020-14060, CVE-2020-14061 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.13.4
Fix Version/s: 1.13.5
Labels:
None

CVE-ID:
CVE-2020-14195, CVE-2020-14062, CVE-2020-14060, CVE-2020-14061

Description

Current Situation

JOC Cockpit uses the 3rd party library jackson-databind version 2.9.10.4
A number of vulnerabilities affect this Jackson Databind version, see https://nvd.nist.gov/vuln/detail/CVE-2020-14195 etc.

Desired Behavior

Due to vulnerability Issues of older jackson-databind releases the JOC Cockpit should use the current version 2.9.10.5 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Andreas Püschel

Approver:: Kanika Agrawal (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18 June 2020 16:13

Updated:: 05 August 2020 17:55

Resolved:: 24 June 2020 08:24