CVE-2020-28491: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.10.0:compile is used in fhir-bucket and fhir-bulkimportexport-webapp
#1973
Closed
prb112 opened this issue
Feb 22, 2021
· 0 comments
· Fixed by #1974
This should workaround the root cause of issue #1973 and prevent
`--update-schema` from trying to apply updates that have already been
applied.
The root cause will need to be addressed in a separate PR.
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
Describe the bug
CVE-2020-28491: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.10.0:compile is used in fhir-bucket and fhir-bulkimportexport-webapp
There is a corresponding CVE which recommends updating databind.
```
[INFO] com.ibm.fhir:fhir-bulkimportexport-webapp:war:4.6.0-SNAPSHOT
[INFO] +- com.ibm.cos:ibm-cos-java-sdk:jar:2.9.0:compile
[INFO] |  +- com.ibm.cos:ibm-cos-java-sdk-s3:jar:2.9.0:compile
[INFO] |  +- com.ibm.cos:ibm-cos-java-sdk-kms:jar:2.9.0:compile
[INFO] |  |  \- javax.annotation:javax.annotation-api:jar:1.3.1:compile
[INFO] |  \- com.ibm.cos:ibm-cos-java-sdk-core:jar:2.9.0:compile
[INFO] |     +- javax.xml.bind:jaxb-api:jar:2.3.0:compile
[INFO] |     +- com.sun.xml.bind:jaxb-core:jar:2.3.0:compile
[INFO] |     +- com.sun.xml.bind:jaxb-impl:jar:2.3.0:compile
[INFO] |     +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |     +- software.amazon.ion:ion-java:jar:1.2.0:compile
[INFO] |     +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.10.0:compile
[INFO] |     \- joda-time:joda-time:jar:2.8.2:compile
```

```
com.ibm.fhir:fhir-bucket:jar:4.6.0-SNAPSHOT
[INFO] +- com.ibm.cos:ibm-cos-java-sdk:jar:2.9.0:compile
[INFO] |  +- com.ibm.cos:ibm-cos-java-sdk-s3:jar:2.9.0:compile
[INFO] |  +- com.ibm.cos:ibm-cos-java-sdk-kms:jar:2.9.0:compile
[INFO] |  |  \- javax.annotation:javax.annotation-api:jar:1.3.1:compile
[INFO] |  \- com.ibm.cos:ibm-cos-java-sdk-core:jar:2.9.0:compile
[INFO] |     +- javax.xml.bind:jaxb-api:jar:2.3.0:compile
[INFO] |     +- com.sun.xml.bind:jaxb-core:jar:2.3.0:compile
[INFO] |     +- com.sun.xml.bind:jaxb-impl:jar:2.3.0:compile
[INFO] |     +- software.amazon.ion:ion-java:jar:1.2.0:compile
[INFO] |     +- com.fasterxml.jackson.core:jackson-databind:jar:2.12.1:compile
[INFO] |     |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.12.1:compile
[INFO] |     |  \- com.fasterxml.jackson.core:jackson-core:jar:2.12.1:compile
[INFO] |     +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.10.0:compile
[INFO] |     \- joda-time:joda-time:jar:2.8.2:compile
```
To Reproduce
Steps to reproduce the behavior:
Expected behavior
n/a
Additional context
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491
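
The following is an added example, not part of the original issue or the project's own code: it parses `mvn dependency:tree` output to show which chain of dependencies pulls in `jackson-dataformat-cbor`, and whether the Jackson artifacts in one module are on mixed releases, as they are in the fhir-bucket tree above. The function names (`parse_tree`, `paths_to`, `version_skew`) and the abridged sample are assumptions made for the illustration.

```python
import re

# Constructed sample: the fhir-bucket tree quoted in the issue, abridged, with the
# `mvn dependency:tree` indentation restored (an assumption about the original layout).
SAMPLE = r"""
[INFO] com.ibm.fhir:fhir-bucket:jar:4.6.0-SNAPSHOT
[INFO] +- com.ibm.cos:ibm-cos-java-sdk:jar:2.9.0:compile
[INFO] |  +- com.ibm.cos:ibm-cos-java-sdk-s3:jar:2.9.0:compile
[INFO] |  \- com.ibm.cos:ibm-cos-java-sdk-core:jar:2.9.0:compile
[INFO] |     +- com.fasterxml.jackson.core:jackson-databind:jar:2.12.1:compile
[INFO] |     |  \- com.fasterxml.jackson.core:jackson-core:jar:2.12.1:compile
[INFO] |     \- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.10.0:compile
"""

# "[INFO] ", tree-drawing characters, then group:artifact:type[:classifier]:version[:scope]
NODE = re.compile(r"^\[INFO\] [ |]*(?:[+\\]- )?(?P<gav>[^\s:]+(?::[^\s:]+){3,5})$")

def parse_tree(text):
    """Yield (depth, group, artifact, version) for every node in the dump."""
    for raw in text.splitlines():
        m = NODE.match(raw.rstrip())
        if not m:
            continue  # banners, blank lines, build summary
        parts = m["gav"].split(":")
        version = parts[-1] if len(parts) == 4 else parts[-2]  # the root has no scope
        depth = (m.start("gav") - len("[INFO] ")) // 3  # each tree level is 3 columns
        yield depth, parts[0], parts[1], version

def paths_to(text, artifact):
    """Return the chain of coordinates from the module root down to each match."""
    stack, hits = [], []
    for depth, group, name, version in parse_tree(text):
        del stack[depth:]  # drop siblings and deeper nodes from the previous branch
        stack.append(f"{group}:{name}:{version}")
        if name == artifact:
            hits.append(list(stack))
    return hits

def version_skew(text, group_prefix):
    """Map version -> artifacts for one vendor group; several keys mean mixed releases."""
    seen = {}
    for _, group, name, version in parse_tree(text):
        if group.startswith(group_prefix):
            seen.setdefault(version, set()).add(name)
    return seen

if __name__ == "__main__":
    for path in paths_to(SAMPLE, "jackson-dataformat-cbor"):
        print(" -> ".join(path))
    print(version_skew(SAMPLE, "com.fasterxml.jackson"))
```

The reported path shows that the artifact arrives through `ibm-cos-java-sdk-core`, so the version has to be overridden or the SDK upgraded in each module that depends on it.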