Upgrade version of jackson_databind as per twistlock scan #315

shivangi24 · 2022-11-10T07:37:06Z

Twistlock issue is reported to upgrade jackson-databind of stocator jar

CVE-2022-42003 | high  | jackson-databind | 2.13.3 | 2.13.4.1 | /opt/ibm/connectors/stocator/stocator-1.1.5-IBM-SDK.jar | In FasterXML jackson-databind before   2.14.0-rc1, resource  exhaustion can occur because of a lack of a check in   primitive value  deserializers to avoid deep wrapper array nesting, when the    UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in    2.13.4.1 and 2.12.17.1 | Upgrade package jackson-databind to version   2.13.4.1 or above.

CVE-2022-42004 | high  | jackson-databind | 2.13.3 | 2.13.4 | /opt/ibm/connectors/stocator/stocator-1.1.5-IBM-SDK.jar | In FasterXML jackson-databind before 2.13.4, resource exhaustion can    occur because of a lack of a check in  BeanDeserializer._deserializeFromArray   to prevent use of deeply nested  arrays. An application is vulnerable only   with certain customized  choices for deserialization. | Upgrade package jackson-databind to version 2.13.4 or above.

The text was updated successfully, but these errors were encountered:

shivangi24 · 2022-11-10T07:37:23Z

PR for update : #314

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade version of jackson_databind as per twistlock scan #315

Upgrade version of jackson_databind as per twistlock scan #315

shivangi24 commented Nov 10, 2022 •

edited

Loading

shivangi24 commented Nov 10, 2022

Upgrade version of jackson_databind as per twistlock scan #315

Upgrade version of jackson_databind as per twistlock scan #315

Comments

shivangi24 commented Nov 10, 2022 • edited Loading

shivangi24 commented Nov 10, 2022

shivangi24 commented Nov 10, 2022 •

edited

Loading