Jackson JSON library vulnerability CVE-2017-15095

A vulnerability, CVE-2017-15095, exists in the Jackson JSON library versions prior to 2.9.2. The recommended solution is to upgrade to Jackson 2.9.3.

We are currently running Jira v7.4.3#74005

Here are some of the .jar files that have been pointed out as needing remediation.

jackson-databind-2.3.2.jar

jackson-annotations-2.3.0.jar

jackson-core-2.3.2.jar

jackson-mapper-asl-1.9.13-atlassian-1.jar

I'm looking for remediation steps for CVE-2017-15095 but have been unsuccessful in finding any.

1 answer

0 vote

Hi Ethan,


Take a look at the Atlassian Security Advisories page. Since Jira itself is not using the affected Struts component, Jira is not affected by the vulnerability outlined in CVE-2017-15095 on Apache Struts.

Let us know if you have any remaining questions.

Cheers,

Branden

Thank you for the quick response Branden. Would removing these .jar files still allow for JIRA to function without issue for the end user?

JIRA was already installed on the server, so I'm not really familiar with the ins and outs of it. I'm just trying to gather a greater understanding.
