jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
The azure-kusto-java SDK uses a version of jackson-databind which is vulnerable to CVE-2020-36518.
Future Release Comment
Breaking Changes:
None
Features:
None
Fixes:
Excluded the vulnerable jackson version from azure-kusto-java and upgraded the version to 2.13.3.
Pull Request Description
fix CVE-2020-36518 : Out-of-bounds Write