Is there a fixing vulnerability(CVE-2023-3894 / TOML) plan for versions earlier than 2.15(such as 2.13)?

Question

Is there a fixing vulnerability(CVE-2023-3894 / TOML) plan for versions earlier than 2.15(such as 2.13)?

rancho628 opened this issue a year ago · comments

Is there a fixing vulnerability(CVE-2023-3894) plan for versions earlier than 2.15(such as 2.13)?
Thank!

Jonas Konrad · Answer 1 · Wed Aug 16 2023 16:29:13 GMT+0800 (China Standard Time)

Note that CVE-2023-3894 only affects the toml module, not other parts of jackson-dataformats-text.

@henryrneh Was this CVE created by you? As mentioned in #387, it only affects the toml module. However the CPE is stated as cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*, not limited to the toml module. If this was submitted by you, can you please update it with a more specific CPE?

Tatu Saloranta · Answer 2 · Sat Aug 19 2023 11:29:41 GMT+0800 (China Standard Time)

No plans to backport into earlier versions.