Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 8.11.0, 7.13.16, 8.5.7, 8.9.2, 8.10.1
Affects Version/s: 8.8.1
Component/s: REST API
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
8.08
Support reference count:
1
Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

Jira Server used a vulnerable version of jackson-databind .
In specific, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2 . More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330.
Upgrade jackson-databind to at least version 2.9.10.20200103 .

Steps to Reproduce

n/a

Expected Results

n/a

Actual Results

n/a

Workaround

N/A

Attachments

Issue Links

relates to: RAID-1938 Loading...

Activity

People

Assignee:: Mateusz Ostaszewski

Reporter:: alexmin (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Due:: 26/Jul/2020

Created:: 27/Apr/2020 3:45 AM

Updated:: 18/Aug/2020 2:33 AM

Resolved:: 15/Jul/2020 12:26 PM