advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-rpr3-cw39-3pxh] jackson-databind before 2.9.10.4 vulnerable to unsafe deserialization

Open vienngochoaitran opened this issue 3 years ago • 2 comments

Updates

  • Affected products

vienngochoaitran avatar Jul 16 '22 05:07 vienngochoaitran

Hi @vienngochoaitran, are you trying to say that com.fasterxml.jackson.core:jackson-databind hasn't been patched for this vulnerability? If so, do you have a reference supporting that?

darakian avatar Jul 18 '22 20:07 darakian

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Aug 12 '22 00:08 taladrane