CVE-2022-42003 and CVE-2022-42004 in jackson-databind before version 2.13.4


      Manual security scans flag existing vulnerabilities in the jackson-databind library shipped with Jira.

      Jira Data Center v9.3 comes with jackson-databind 2.12.1, which is vulnerable to the following:
      CVE-2022-42004
      CVE-2022-42003
      CVE-2020-36518

      The solution in this case would be to update the library to at least 2.13.4.1, or ideally 2.4. which resolves the vulnerabilities.

            Assignee:
            Karol Skwierawski
            Reporter:
            Piotr Natkaniec
            Votes:
            6
            Watchers:
            12
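To confirm which jackson-databind copies an installation actually ships, the following added example (not part of the ticket and not Atlassian code) walks a directory tree and compares each jar's filename version against the 2.13.4.1 minimum named above. It assumes the jars keep the Maven naming `jackson-databind-<version>.jar`; the directory to scan is supplied by the operator.

```python
import re
import sys
from pathlib import Path

# Threshold taken from this ticket: "at least 2.13.4.1".
MIN_FIXED = (2, 13, 4, 1)

# Assumption: jars keep the Maven naming jackson-databind-<version>[-qualifier].jar.
JAR_RE = re.compile(r"^jackson-databind-(\d+(?:\.\d+)*)(?:[.-][A-Za-z][\w.-]*)?\.jar$")


def parse_version(text):
    """'2.12.1' -> (2, 12, 1)"""
    return tuple(int(part) for part in text.split("."))


def is_below(version, minimum=MIN_FIXED):
    """Compare after zero-padding, so 2.13.4 < 2.13.4.1 and 2.14 >= 2.13.4.1."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)


def scan(root):
    """Return (path, version, status) for every jackson-databind jar under root."""
    findings = []
    for jar in sorted(Path(root).rglob("jackson-databind-*.jar")):
        match = JAR_RE.match(jar.name)
        if match is None:
            # Unknown naming: report it for manual review instead of guessing.
            findings.append((str(jar), None, "unparsed"))
            continue
        status = "below-min" if is_below(parse_version(match.group(1))) else "ok"
        findings.append((str(jar), match.group(1), status))
    return findings


if __name__ == "__main__":
    # Usage: python check_databind.py <install-or-home-directory>
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in results:
        print(f"{status:10} {version or '?':12} {path}")
    # Non-zero exit lets a CI job or cron check fail on any non-"ok" copy.
    sys.exit(1 if any(s != "ok" for _, _, s in results) else 0)
```

A filename check only sees standalone jars; copies shaded or repackaged inside other archives need a dependency scanner that inspects jar contents.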
