[HIVE-28073] Upgrade jackson version to 2.16.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0
Component/s: None
Labels:
- pull-request-available

Description

Jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
https://nvd.nist.gov/vuln/detail/CVE-2023-35116
https://github.com/FasterXML/jackson-databind/issues/3972

Attachments

Issue Links

fixes

HIVE-28269 Please have regular releases of hive and its docker image

Open

links to

GitHub Pull Request #5081

Activity

People

Assignee:: Araika Singh

Reporter:: Araika Singh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Feb/24 17:42

Updated:: 05/Jun/24 03:59

Resolved:: 03/Mar/24 07:46