functions-framework-java

CVE-2022-42004: Transitive dependency (jackson) from io.cloudevents:cloudevents-json-jackson vulnerable

Open • stummb opened this issue 1 year ago • 2 comments

jackson-json is included transitively via cloudevents-json-jackson. The included version is vulnerable (CVE-2022-42004).

The version is updated there (https://github.com/cloudevents/sdk-java/issues/588), but needs to be released. As soon as this is done, it can be updated here.

Is it advisable to use dependency overrides until then?

stummb, Oct 09 '23 10:10