-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability fix for jackson databind #150
Comments
dk1844
added a commit
that referenced
this issue
Nov 23, 2022
…y lowest fixed version), Spark3 version - currently latest
dk1844
added a commit
that referenced
this issue
Nov 23, 2022
….12.7.1 - currently lowest fixed version), Spark3 version - currently latest
dk1844
added a commit
that referenced
this issue
Dec 7, 2022
….12.7.1 - currently lowest fixed version), Spark3 version - currently latest (#151)
Closed via #151 |
This was referenced Dec 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current versions of Jason databind are affected by a number of direct vulnerabilities.
CVE-2022-42004
CVE-2022-42003
CVE-2020-36518
See e.g. https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.12.3 for overview
Related to #145 that suggests a version update for Spark2 version
The text was updated successfully, but these errors were encountered: