Bug 14188

Summary:	[CVE 21] jackson-databind 2.9.10.8 CVE found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	RESOLVED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	s.matveev
Version:	All	Flags:	v.potapov: secteam_verified?
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-29 15:27:21 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-35116

Comment 1 Vladimir Potapov 2024-01-15 10:32:21 MSK

medium

Comment 2 Svyatoslav Matveev 2024-01-16 13:23:02 MSK

Сообщество jackson считают его ложным.

https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1596193098

https://github.com/rahulrane50/zookeeper/commit/4b862c7704e13dddff56603d4e902368a147e5e4#:~:text=%2D%20CVE%2D2023%2D35116%3A%20according%20to%20jackson%20community%2C%20this%20is%20not%20a%20security%20issue%2C