FasterXML jackson-databind: Multiple vulnerabilities Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service. jackson-databind 2022-10-31 2022-10-31 874033 remote 2.13.4.1 2.13.4.1

FasterXML jackson-databind is a general data-binding package for Jackson (2.x) which works on streaming API (core) implementation(s).

Multiple vulnerabilities have been discovered in FasterXML jackson-databind. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All FasterXML jackson-databind users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/jackson-databind-2.13.4.1" CVE-2022-42003 CVE-2022-42004 ajak ajak