CVE-2022-42003 - ibm-cos-java-sdk-bundle 2.12.0 contains vulnerable jackson-databind 2.13.3 #56
Comments
@mkrakow - Thanks for your report. We have an internal ticket to complete this work.
@IBMalok do you have an idea when that will be completed?
@tcherel - We're going to release soon.
Closing this issue as resolved.
@IBMalok my apologies, forgot to update the git issue to confirm that the issue is indeed fixed.
The library jackson-databind version 2.13.3 is embedded in the latest version 2.12.0 of ibm-cos-java-sdk-bundle.
According to GHSA-57j2-w4cx-62h2 the above version of Jackson Databind is vulnerable.
Could you please fix COS Java SDK bundle with updated Jackson Databind library to 2.14.0?