Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🚨 vulnerable dependency maven:com.fasterxml.jackson.core:jackson-databind:2.10.1 #109

Open
Bindambc opened this issue Aug 4, 2023 · 0 comments
Open

🚨 vulnerable dependency maven:com.fasterxml.jackson.core:jackson-databind:2.10.1 #109

Bindambc opened this issue Aug 4, 2023 · 0 comments
Assignees
@Bindambc
Labels
bug Something isn't working dependencies Pull requests that update a dependency file

Comments

@Bindambc
Copy link
Owner

Bindambc commented Aug 4, 2023

Provides transitive vulnerable dependency maven:com.fasterxml.jackson.core:jackson-databind:2.10.1

-CVE-2020-25649 7.5 Improper Restriction of XML External Entity Reference vulnerability pending CVSS allocation
-CVE-2021-20190 8.1 Deserialization of Untrusted Data vulnerability pending CVSS allocation
-CVE-2020-10650 8.1 Deserialization of Untrusted Data vulnerability with high severity found
-Cxced0c06c-935c 5.9 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
-CVE-2020-36518 7.5 Out-of-bounds Write vulnerability pending CVSS allocation
-CVE-2022-42003 7.5 Deserialization of Untrusted Data vulnerability pending CVSS allocation
-CVE-2022-42004 7.5 Deserialization of Untrusted Data vulnerability pending CVSS allocation
-CVE-2021-46877 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
@Bindambc Bindambc self-assigned this Aug 4, 2023
@Bindambc Bindambc added bug Something isn't working dependencies Pull requests that update a dependency file labels Aug 4, 2023
@Bindambc Bindambc changed the title vulnerable dependency maven:com.fasterxml.jackson.core:jackson-databind:2.10.1 🚨 vulnerable dependency maven:com.fasterxml.jackson.core:jackson-databind:2.10.1 Aug 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bindambc Bindambc

Labels
bug Something isn't working dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Bindambc