MUSIC Security/Vulnerability

Owned by bharathb
Aug 24, 2018
1 min read

Repository

Group

Impact Analysis

Action

Repository

Group

Impact Analysis

Action

music

org.codehaus.jackson

This is a dependency by the core library for our RESTful service(jersey-json) and our cassandra-unit library. We do not use Jackson directly and do not use createBeanDeserializer() function which has the vulnerability. We were unable to find any reference to this Vulnerability from jersey-json or cassandra-unit.

MUSIC-48: Deal with jackson-mapper-asl security vulnerabilityClosed



music

com.fasterxml.jackson.core

This is a dependency of Swagger Jersey Jaxrs library. We do not use Jackson directly and do not use createBeanDeserializer() function which has the vulnerability. To our knowledge we cannot find any reference of swagger jersey using this.

MUSIC-49: Deal with jackson-databind issueClosed