Numerous Jackson CVEs affecting SJC #126

pmonks · 2018-10-18T01:38:36Z

At the time of writing, there are 40 CVEs raised against jackson-databind v2.9.4. They are listed below.

Although it's not a direct dependency, SJC transitively depends on jackson-databind v2.9.4 via jackson-jaxrs-json-provider v2.9.4 and jackson-jaxrs-base v2.9.4.

The CVEs in question are:

CVE-2018-1000873
CVE-2018-11307
CVE-2018-12022
CVE-2018-12023
CVE-2018-14718
CVE-2018-14719
CVE-2018-14720
CVE-2018-14721
CVE-2018-19360
CVE-2018-19361
CVE-2018-19362
CVE-2018-7489
CVE-2019-12086
CVE-2019-12384
CVE-2019-12814
CVE-2019-14379
CVE-2019-14439
CVE-2019-14540
CVE-2019-14892
CVE-2019-14893
CVE-2019-16335
CVE-2019-16942
CVE-2019-16943
CVE-2019-17267
CVE-2019-17531
CVE-2019-20330
CVE-2020-10672
CVE-2020-10673
CVE-2020-10968
CVE-2020-10969
CVE-2020-11111
CVE-2020-11112
CVE-2020-11113
CVE-2020-11619
CVE-2020-11620
CVE-2020-8840
CVE-2020-9546
CVE-2020-9547
CVE-2020-9548

pmonks changed the title ~~CVE-2018-7489 affecting SJC~~ Numerous Jackson CVEs affecting SJC Apr 16, 2020

pmonks mentioned this issue Apr 16, 2020

Configure WhiteSource for GitHub.com - autoclosed symphonyoss/clj-symphony#15

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Numerous Jackson CVEs affecting SJC #126

Numerous Jackson CVEs affecting SJC #126

pmonks commented Oct 18, 2018 •

edited

Loading

Numerous Jackson CVEs affecting SJC #126

Numerous Jackson CVEs affecting SJC #126

Comments

pmonks commented Oct 18, 2018 • edited Loading

pmonks commented Oct 18, 2018 •

edited

Loading