fix security vulnerability in SPARK pom.xml
Closed this issue · 0 comments
kozbo commented
HumanCellAtlas/data-consumer-vignettes:tasks/SPARK/pom.xml
Note:
Vulnerable Functions
com/fasterxml/jackson/databind/ObjectMapper.enableDefaultTyping
Overview
com.fasterxml.jackson.core:jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker could perform a Remote Code Execution attack if the user is handling untrusted content or using the Default Typing feature. An incomplete fix for the CVE-2017-7525 deserialization flaw.
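The following is an added illustration of why the flagged function matters, not code from kozbo or from the data-consumer-vignettes repository. It shows what `ObjectMapper.enableDefaultTyping` does with an Object-typed property: the sender of the JSON picks the class that gets instantiated. The `Envelope`, `Greeting` and `NotExpected` classes and the JSON string are constructed for this example; `NotExpected` is a benign stand-in for an attacker-chosen class and no gadget class is named. The hardened mapper uses `activateDefaultTyping` with a `BasicPolymorphicTypeValidator` allowlist, the replacement API introduced in jackson-databind 2.10, so the snippet assumes a 2.10+ jackson-databind on the classpath.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingDemo {
    // Target bean (constructed for this example). An Object-typed property is
    // exactly what default typing resolves from a class name found in the JSON.
    public static class Envelope {
        public Object payload;
    }

    // The type the application legitimately expects in `payload` (assumed).
    public static class Greeting {
        public String text;
    }

    // Stand-in for "any class the sender names". Benign here; a real attack
    // would name a class whose constructor or setters do something harmful.
    public static class NotExpected {
        public String note;
        public NotExpected() {
            System.out.println("NotExpected instantiated by the deserializer");
        }
    }

    // Constructed input: WRAPPER_ARRAY form ["<class name>", {...}] that default
    // typing accepts for an Object property. The class name is sender-controlled.
    static final String HOSTILE_JSON =
        "{\"payload\":[\"" + NotExpected.class.getName() + "\",{\"note\":\"x\"}]}";

    // The configuration the advisory flags: no validator, any class name is resolved.
    static ObjectMapper vulnerableMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(); // deprecated since 2.10; OBJECT_AND_NON_CONCRETE, no restriction
        return m;
    }

    // Hardened form: default typing still on, but only allow-listed subtypes resolve.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType(Greeting.class)
            .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
        return m;
    }

    public static void main(String[] args) throws Exception {
        // Vulnerable mapper: the sender's class is instantiated.
        Envelope e = vulnerableMapper().readValue(HOSTILE_JSON, Envelope.class);
        System.out.println("vulnerable mapper produced: " + e.payload.getClass().getName());

        // Hardened mapper: the same input is rejected before any instantiation.
        try {
            hardenedMapper().readValue(HOSTILE_JSON, Envelope.class);
            System.out.println("unexpected: hardened mapper accepted the type id");
        } catch (InvalidTypeIdException ex) {
            System.out.println("hardened mapper rejected type id: " + ex.getTypeId());
        }
    }
}
```

Upgrading the jackson-databind version in pom.xml, as the issue title describes, is what removes the known gadget classes from reach; the allowlist above is the complementary change that stops relying on a deny-list at all, since the vulnerable pattern is default typing applied to untrusted input, not any single class.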