thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Security vulnerabilities in jackson-databind component in Reaper #1249

Open vchauhan81 opened 1 year ago

vchauhan81 commented 1 year ago


We are using cassandra-reaper version 3.2.0 in our product. Recently we did a Blackduck security scan and the following issue was reported for Reaper.

Component name: jackson-databind

Component version name: 2.10.5.1

CVE (BDSA id) - Score:

- CVE-2022-42003 (BDSA-2022-2765) - 7.5
- CVE-2022-42004 (BDSA-2022-2768) - 7.5
- CVE-2020-36518 (BDSA-2020-4752) - 7.5

Can you please help us to confirm:

Is version 3.2.0 vulnerable to these CVEs? If yes, in which version would the fix be available?

Issue is synchronized with this Jira Story by Unito. Issue Number: REAP-79

adejanovski commented 1 year ago

We don't have a fix version for this yet, and I don't know if Reaper is affected by this CVE.

SarthakSahu commented 11 months ago

Do you have a fix plan now?

adejanovski commented 11 months ago

We will fix vulnerabilities as part of this ticket. Work hasn't started yet on it.