<html>
    <head>
      <base href="https://bugzilla.rosalinux.ru/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Platform</th>
          <td>---
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_CONFIRMED "
   title="CONFIRMED - [CVE 21] jackson-databind 2.9.9.3 CVEs found"
   href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13246">13246</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[CVE 21] jackson-databind 2.9.9.3 CVEs found
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>ROSA-based products
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Certified ROSA distros
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>Chrome
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>URL</th>
          <td>CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-24616, CVE-2020-24750, CVE-2020-25649, CVE-2020-35490, CVE-2020-35491, CVE-2020-35728, CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-36518, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2021-20190, CVE-2022-42003, CVE-2022-42004,
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>CONFIRMED
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>System (kernel, glibc, systemd, bash, PAM...)
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>bugs&#64;lists.rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>y.tumanov&#64;rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>bugs&#64;lists.rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>s.matveev&#64;rosalinux.ru, y.tumanov&#64;rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>Target Milestone</th>
          <td>---
          </td>
        </tr>

        <tr>
          <th>Group</th>
          <td>ROSA-plus-NTCIT
          </td>
        </tr>

        <tr>
          <th>Flags</th>
          <td>secteam_verified?
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Please patch CVEs for package jackson-databind version 2.9.9.3  
INFO (CVEs are): jackson-databind 2.9.9.3 cves found
CVE-2019-14540
Desc: A Polymorphic Typing issue was discovered in FasterXML jackson-databind
before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-14540">https://nvd.nist.gov/vuln/detail/CVE-2019-14540</a>
Severity: CRITICAL
CVE-2019-14892
Desc: A flaw was discovered in jackson-databind in versions before 2.9.10,
2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a
malicious object using commons-configuration 1 and 2 JNDI classes. An attacker
could use this flaw to execute arbitrary code.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-14892">https://nvd.nist.gov/vuln/detail/CVE-2019-14892</a>
Severity: CRITICAL
CVE-2019-14893
Desc: A flaw was discovered in FasterXML jackson-databind in all versions
before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of
malicious objects using the xalan JNDI gadget when used in conjunction with
polymorphic type handling methods such as `enableDefaultTyping()` or when
&#64;JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way
which ObjectMapper.readValue might instantiate objects from unsafe sources. An
attacker could use this flaw to execute arbitrary code.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-14893">https://nvd.nist.gov/vuln/detail/CVE-2019-14893</a>
Severity: CRITICAL
CVE-2019-16335
Desc: A Polymorphic Typing issue was discovered in FasterXML jackson-databind
before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a
different vulnerability than CVE-2019-14540.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16335">https://nvd.nist.gov/vuln/detail/CVE-2019-16335</a>
Severity: CRITICAL
CVE-2019-16942
Desc: A Polymorphic Typing issue was discovered in FasterXML jackson-databind
2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a
specific property) for an externally exposed JSON endpoint and the service has
the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI
service endpoint to access, it is possible to make the service execute a
malicious payload. This issue exists because of
org.apache.commons.dbcp.datasources.SharedPoolDataSource and
org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16942">https://nvd.nist.gov/vuln/detail/CVE-2019-16942</a>
Severity: CRITICAL
CVE-2019-16943
Desc: A Polymorphic Typing issue was discovered in FasterXML jackson-databind
2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a
specific property) for an externally exposed JSON endpoint and the service has
the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service
endpoint to access, it is possible to make the service execute a malicious
payload. This issue exists because of com.p6spy.engine.spy.P6DataSource
mishandling.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16943">https://nvd.nist.gov/vuln/detail/CVE-2019-16943</a>
Severity: CRITICAL
CVE-2019-17267
Desc: A Polymorphic Typing issue was discovered in FasterXML jackson-databind
before 2.9.10. It is related to
net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-17267">https://nvd.nist.gov/vuln/detail/CVE-2019-17267</a>
Severity: CRITICAL
CVE-2019-17531
Desc: A Polymorphic Typing issue was discovered in FasterXML jackson-databind
2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a
specific property) for an externally exposed JSON endpoint and the service has
the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker
can provide a JNDI service to access, it is possible to make the service
execute a malicious payload.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-17531">https://nvd.nist.gov/vuln/detail/CVE-2019-17531</a>
Severity: CRITICAL
CVE-2019-20330
Desc: FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain
net.sf.ehcache blocking.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20330">https://nvd.nist.gov/vuln/detail/CVE-2019-20330</a>
Severity: CRITICAL
CVE-2020-10672
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka
aries.transaction.jms).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10672">https://nvd.nist.gov/vuln/detail/CVE-2020-10672</a>
Severity: HIGH
CVE-2020-10673
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
com.caucho.config.types.ResourceRef (aka caucho-quercus).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10673">https://nvd.nist.gov/vuln/detail/CVE-2020-10673</a>
Severity: HIGH
CVE-2020-10968
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10968">https://nvd.nist.gov/vuln/detail/CVE-2020-10968</a>
Severity: HIGH
CVE-2020-10969
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to javax.swing.JEditorPane.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10969">https://nvd.nist.gov/vuln/detail/CVE-2020-10969</a>
Severity: HIGH
CVE-2020-11111
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to org.apache.activemq.* (aka
activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11111">https://nvd.nist.gov/vuln/detail/CVE-2020-11111</a>
Severity: HIGH
CVE-2020-11112
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.commons.proxy.provider.remoting.RmiProvider (aka
apache/commons-proxy).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11112">https://nvd.nist.gov/vuln/detail/CVE-2020-11112</a>
Severity: HIGH
CVE-2020-11113
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11113">https://nvd.nist.gov/vuln/detail/CVE-2020-11113</a>
Severity: HIGH
CVE-2020-11619
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11619">https://nvd.nist.gov/vuln/detail/CVE-2020-11619</a>
Severity: HIGH
CVE-2020-11620
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11620">https://nvd.nist.gov/vuln/detail/CVE-2020-11620</a>
Severity: HIGH
CVE-2020-14060
Desc: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction
between serialization gadgets and typing, related to
oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14060">https://nvd.nist.gov/vuln/detail/CVE-2020-14060</a>
Severity: HIGH
CVE-2020-14061
Desc: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction
between serialization gadgets and typing, related to
oracle.jms.AQjmsQueueConnectionFactory,
oracle.jms.AQjmsXATopicConnectionFactory,
oracle.jms.AQjmsTopicConnectionFactory,
oracle.jms.AQjmsXAQueueConnectionFactory, and
oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14061">https://nvd.nist.gov/vuln/detail/CVE-2020-14061</a>
Severity: HIGH
CVE-2020-14062
Desc: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction
between serialization gadgets and typing, related to
com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14062">https://nvd.nist.gov/vuln/detail/CVE-2020-14062</a>
Severity: HIGH
CVE-2020-14195
Desc: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction
between serialization gadgets and typing, related to
org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14195">https://nvd.nist.gov/vuln/detail/CVE-2020-14195</a>
Severity: HIGH
CVE-2020-24616
Desc: FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction
between serialization gadgets and typing, related to
br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-24616">https://nvd.nist.gov/vuln/detail/CVE-2020-24616</a>
Severity: HIGH
CVE-2020-24750
Desc: FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction
between serialization gadgets and typing, related to
com.pastdev.httpcomponents.configuration.JndiConfiguration.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-24750">https://nvd.nist.gov/vuln/detail/CVE-2020-24750</a>
Severity: HIGH
CVE-2020-25649
Desc: A flaw was found in FasterXML Jackson Databind, where it did not have
entity expansion secured properly. This flaw allows vulnerability to XML
external entity (XXE) attacks. The highest threat from this vulnerability is
data integrity.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-25649">https://nvd.nist.gov/vuln/detail/CVE-2020-25649</a>
Severity: HIGH
CVE-2020-35490
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35490">https://nvd.nist.gov/vuln/detail/CVE-2020-35490</a>
Severity: HIGH
CVE-2020-35491
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35491">https://nvd.nist.gov/vuln/detail/CVE-2020-35491</a>
Severity: HIGH
CVE-2020-35728
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded
Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35728">https://nvd.nist.gov/vuln/detail/CVE-2020-35728</a>
Severity: HIGH
CVE-2020-36179
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36179">https://nvd.nist.gov/vuln/detail/CVE-2020-36179</a>
Severity: HIGH
CVE-2020-36180
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36180">https://nvd.nist.gov/vuln/detail/CVE-2020-36180</a>
Severity: HIGH
CVE-2020-36181
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36181">https://nvd.nist.gov/vuln/detail/CVE-2020-36181</a>
Severity: HIGH
CVE-2020-36182
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36182">https://nvd.nist.gov/vuln/detail/CVE-2020-36182</a>
Severity: HIGH
CVE-2020-36183
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36183">https://nvd.nist.gov/vuln/detail/CVE-2020-36183</a>
Severity: HIGH
CVE-2020-36184
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36184">https://nvd.nist.gov/vuln/detail/CVE-2020-36184</a>
Severity: HIGH
CVE-2020-36185
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36185">https://nvd.nist.gov/vuln/detail/CVE-2020-36185</a>
Severity: HIGH
CVE-2020-36186
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36186">https://nvd.nist.gov/vuln/detail/CVE-2020-36186</a>
Severity: HIGH
CVE-2020-36187
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36187">https://nvd.nist.gov/vuln/detail/CVE-2020-36187</a>
Severity: HIGH
CVE-2020-36188
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36188">https://nvd.nist.gov/vuln/detail/CVE-2020-36188</a>
Severity: HIGH
CVE-2020-36189
Desc: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction
between serialization gadgets and typing, related to
com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36189">https://nvd.nist.gov/vuln/detail/CVE-2020-36189</a>
Severity: HIGH
CVE-2020-36518
Desc: jackson-databind before 2.13.0 allows a Java StackOverflow exception and
denial of service via a large depth of nested objects.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36518">https://nvd.nist.gov/vuln/detail/CVE-2020-36518</a>
Severity: HIGH
CVE-2020-8840
Desc: FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain
xbean-reflect/JNDI blocking, as demonstrated by
org.apache.xbean.propertyeditor.JndiConverter.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8840">https://nvd.nist.gov/vuln/detail/CVE-2020-8840</a>
Severity: CRITICAL
CVE-2020-9546
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded
hikari-config).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-9546">https://nvd.nist.gov/vuln/detail/CVE-2020-9546</a>
Severity: CRITICAL
CVE-2020-9547
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka
ibatis-sqlmap).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-9547">https://nvd.nist.gov/vuln/detail/CVE-2020-9547</a>
Severity: CRITICAL
CVE-2020-9548
Desc: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-9548">https://nvd.nist.gov/vuln/detail/CVE-2020-9548</a>
Severity: CRITICAL
CVE-2021-20190
Desc: A flaw was found in jackson-databind before 2.9.10.7. FasterXML
mishandles the interaction between serialization gadgets and typing. The
highest threat from this vulnerability is to data confidentiality and integrity
as well as system availability.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-20190">https://nvd.nist.gov/vuln/detail/CVE-2021-20190</a>
Severity: HIGH
CVE-2022-42003
Desc: In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can
occur because of a lack of a check in primitive value deserializers to avoid
deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is
enabled. Additional fix version in 2.13.4.1 and 2.12.17.1.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42003">https://nvd.nist.gov/vuln/detail/CVE-2022-42003</a>
Severity: HIGH
CVE-2022-42004
Desc: In FasterXML jackson-databind before 2.13.4, resource exhaustion can
occur because of a lack of a check in BeanDeserializer._deserializeFromArray to
prevent use of deeply nested arrays. An application is vulnerable only with
certain customized choices for deserialization.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-42004">https://nvd.nist.gov/vuln/detail/CVE-2022-42004</a>
Severity: HIGH</pre>
        </div>
      </p>


    </body>
</html>