stocator
Upgrade version of jackson_databind as per Twistlock scan
A Twistlock issue is reported to upgrade jackson-databind in the stocator jar:
CVE-2022-42003 | high | jackson-databind | 2.13.3 | 2.13.4.1 | /opt/ibm/connectors/stocator/stocator-1.1.5-IBM-SDK.jar | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 | Upgrade package jackson-databind to version 2.13.4.1 or above.
CVE-2022-42004 | high | jackson-databind | 2.13.3 | 2.13.4 | /opt/ibm/connectors/stocator/stocator-1.1.5-IBM-SDK.jar | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | Upgrade package jackson-databind to version 2.13.4 or above.
PR for update: https://github.com/CODAIT/stocator/pull/314