Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-2730

resteasy-jackson2-provider has critical security vulnerabilities

    XMLWordPrintable

Details

    • Component Upgrade
    • Resolution: Done
    • Major
    • 3.15.0.Final
    • 3.14.0.Final
    • None
    • None
    • Undefined

    Description

      com.fasterxml.jackson.core_jackson-databind@2.9.6 dependency seems to be the one with the actual critical vulnerabilities :

       

      CVE-2019-14540

      CVE-2020-9546

      CVE-2019-16335

      CVE-2020-9547

      CVE-2020-9548

       

      Those seem to be fixed in latest version 2.11.3: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.11.3 

      Attachments

        Issue Links

          is blocked by

          Task - Represents a small unit of work that is not end-user facing. RESTEASY-2830 Update dependencies for 3.15.0.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-support-asoldano Alessio Soldano
              rvillane Mario Rodriguez (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: