Closed wkurniawan07 closed 8 months ago
We'd also be interested in this release, as Jackson 2.13.3 has 3 open CVEs.
Note that 2.13.4.2 is still vulnerable to the last one; best would be an update to 2.16.1.
Hello! I am from Twilio and I have looked at this PR. I created #745 that will be addressing this issue. Closing this PR here. Please create a new issue if further assistance is needed. Thanks!
Fixes
Updates jackson-related libraries to 2.13.4 or 2.13.4.2 (latest version for 2.13). This mitigates CVE-2022-42003 and CVE-2022-42002.