Is there a fixing vulnerability(CVE-2023-3894 / TOML) plan for versions earlier than 2.15(such as 2.13)?
rancho628 opened this issue · comments
Is there a fixing vulnerability(CVE-2023-3894) plan for versions earlier than 2.15(such as 2.13)?
Thank!
Note that CVE-2023-3894 only affects the toml module, not other parts of jackson-dataformats-text.
@henryrneh Was this CVE created by you? As mentioned in #387, it only affects the toml module. However the CPE is stated as cpe:2.3:a:fasterxml:jackson-dataformats-text:*:*:*:*:*:*:*:*
, not limited to the toml module. If this was submitted by you, can you please update it with a more specific CPE?
No plans to backport into earlier versions.