Vulnerability found in org.codehaus.jackson:jackson-mapper-asl

IBMStreams / streamsx.objectstorage

The com.ibm.streamsx.objectstorage toolkit supports Object Storage services with S3 API like IBM Cloud Object Storage service.

https://ibmstreams.github.io/streamsx.objectstorage

Other

4 stars 7 forks source link

Vulnerability found in org.codehaus.jackson:jackson-mapper-asl #200

Closed schubon closed 4 years ago

schubon commented 4 years ago

Details

CVE-2019-10172

moderate severity Vulnerable versions: <= 1.9.13 Patched version: No fix

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Affected

test/java/com.ibm.streamsx.objectstorage.test/pom.xml
com.ibm.streamsx.objectstorage/pom.xml

Remediation

No patched version is available.

markheger commented 4 years ago

no update since 2013 available, dependency to org.codehaus.jackson:jackson-mapper-asl results on S3 client /stocator