CVE-2022-42003 and CVE-2022-42004 in jackson-databind before version 2.13.4


      Manual security scans will prompt for existing vulnerabilities in the jackson-databind library shipped with Jira.

      Jira Data Center v 9.3 comes with jackson-databind 2.12.1 which is vulnerable to the following:
      CVE-2022-42004
      CVE-2022-42003
      CVE-2020-36518

      The solution in this case would be to update the lib to at least 2.13.4.1, or ideally 2.4. which resolves the vulnerabilities. 

              Assignee:
              Karol Skwierawski
              Reporter:
              Piotr Natkaniec
              Votes:
              6
              Watchers:
              12