Identified some vulnerabilities on 10.2 patch
Article ID: 102348
CA Application Test
CA Continuous Application Insight (PathFinder)
Hi Team, We observed some vulnerabilities on 10.2 patch .
Please can you help on this.
List of vulnerabilities : CVE-2017-7525 CVE-2017-7525 CVE-2017-7525 CVE-2017-7525 CVE-2017-7525
Jras details: jackson-databind-2.6.5.jar jackson-databind-2.6.6.jar jackson-databind-2.6.7.jar jackson-databind-2.8.3.jar jackson-databind-2.8.8.jar
outdated jackson-databind jars.
DevTest 10.3.0 and earlier.
Unfortunately this vulnerability will not be fixed until our next release DevTest 10.4.
As per development the jackson-databind jars cannot be easily patched, since updating any of them in the current releases will break other parts of the product.