Title: Using a component with known vulnerability - `jackson-databind` 2.8.11.1 · Issue #504 · msgpack/msgpack-java · GitHub
Open Graph Title: Using a component with known vulnerability - `jackson-databind` 2.8.11.1 · Issue #504 · msgpack/msgpack-java
X Title: Using a component with known vulnerability - `jackson-databind` 2.8.11.1 · Issue #504 · msgpack/msgpack-java
Description: Similar to #463, the latest msgpack-java (version 0.8.16) still uses jackson-databind (version 2.8.11.1) that has security vulnerabilities. See https://www.sourceclear.com/vulnerability-database/security/deserialisation-of-untrusted-data...
Open Graph Description: Similar to #463, the latest msgpack-java (version 0.8.16) still uses jackson-databind (version 2.8.11.1) that has security vulnerabilities. See https://www.sourceclear.com/vulnerability-database/se...
X Description: Similar to #463, the latest msgpack-java (version 0.8.16) still uses jackson-databind (version 2.8.11.1) that has security vulnerabilities. See https://www.sourceclear.com/vulnerability-database/se...
Opengraph URL: https://github.com/msgpack/msgpack-java/issues/504
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Using a component with known vulnerability - `jackson-databind` 2.8.11.1","articleBody":"Similar to #463, the latest `msgpack-java` (version 0.8.16) still uses `jackson-databind` (version 2.8.11.1) that has security vulnerabilities.\r\nSee https://www.sourceclear.com/vulnerability-database/security/deserialisation-of-untrusted-data/java/sid-8093.\r\n* The earliest recommended version to upgrade to is 2.9.9, as the whole 2.8.x range is affected by this or other issues.\r\n\r\nP.S. Unfortunately this specific vulnerability is due to an incomplete fix of the same CVE that caused #463, so @komamitsu is spot on [when saying](https://github.com/msgpack/msgpack-java/issues/463#issuecomment-367017684)\r\n\r\n\u003e It's like whack-a-mole...","author":{"url":"https://github.com/dimitarndimitrov","@type":"Person","name":"dimitarndimitrov"},"datePublished":"2019-06-15T10:50:59.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/504/msgpack-java/issues/504"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:d5836118-63f3-1d7d-f615-fe0cf63eaff6 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | CB46:245004:51FE683:733E0FC:6A570A6A |
| html-safe-nonce | a958a317a93dfbeb9365eddea4a1f6d2b07f4412466d26db3a943a492cc00921 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDQjQ2OjI0NTAwNDo1MUZFNjgzOjczM0UwRkM6NkE1NzBBNkEiLCJ2aXNpdG9yX2lkIjoiNjQxNjE5MjgzODU4NjI3MjM2MiIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | eec4e2c47bb59b975608c31abb5e948046740ed63a8a1ae99363600e503a962d |
| hovercard-subject-tag | issue:456525887 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/msgpack/msgpack-java/504/issue_layout |
| twitter:image | https://opengraph.githubassets.com/552dee1d0f59f5ba8dab72bb81e29e99f9a9018401ef037a9c5818a45d711dc1/msgpack/msgpack-java/issues/504 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/552dee1d0f59f5ba8dab72bb81e29e99f9a9018401ef037a9c5818a45d711dc1/msgpack/msgpack-java/issues/504 |
| og:image:alt | Similar to #463, the latest msgpack-java (version 0.8.16) still uses jackson-databind (version 2.8.11.1) that has security vulnerabilities. See https://www.sourceclear.com/vulnerability-database/se... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | dimitarndimitrov |
| hostname | github.com |
| expected-hostname | github.com |
| None | 4eb29e5f807bd95e41196adfbc6d28f9af12d89830d8b684f3e871774ddff2fc |
| turbo-cache-control | no-preview |
| go-import | github.com/msgpack/msgpack-java git https://github.com/msgpack/msgpack-java.git |
| octolytics-dimension-user_id | 198264 |
| octolytics-dimension-user_login | msgpack |
| octolytics-dimension-repository_id | 1971346 |
| octolytics-dimension-repository_nwo | msgpack/msgpack-java |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 1971346 |
| octolytics-dimension-repository_network_root_nwo | msgpack/msgpack-java |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | b056788a129fb0194b61f2ebb4c43f6a9f4dfd27 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width