SUSE-SU-2021:0243-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0243-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2021:0243-1

Related

Published

2021-01-29T08:37:34Z

Modified

2021-01-29T08:37:34Z

Summary

Security update for jackson-databind

Details

This update for jackson-databind fixes the following issues:

jackson-databind was updated to 2.10.5.1: * #2589: DOMDeserializer: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue('123', Void.TYPE)' throws 'should never occur'

References

Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 SP2 / jackson-databind

Package

Name: jackson-databind
Purl: purl:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.5.1-3.3.2

Ecosystem specific

{
    "binaries": [
        {
            "jackson-databind": "2.10.5.1-3.3.2"
        }
    ]
}