Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-70971

RCE in jackson-databind

XMLWordPrintable

      Issue Summary

      Jira Server used a vulnerable version of jackson-databind .
      In specific, the issue was present in FasterXML jackson-databind 2.x before 2.9.10.2 . More information here: https://nvd.nist.gov/vuln/detail/CVE-2019-20330.
      Upgrade jackson-databind to at least version 2.9.10.20200103 .

      Steps to Reproduce

      n/a

      Expected Results

      n/a

      Actual Results

      n/a

      Workaround

      N/A

            mostaszewski@atlassian.com Mateusz Ostaszewski
            aminozhenko alexmin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: