Vulnerable jar found: jackson-databind-2.6.7.1.jar

IBMStreams / streamsx.objectstorage

The com.ibm.streamsx.objectstorage toolkit supports Object Storage services with S3 API like IBM Cloud Object Storage service.

https://ibmstreams.github.io/streamsx.objectstorage

Other

4 stars 7 forks source link

Vulnerable jar found: jackson-databind-2.6.7.1.jar #207

Closed markheger closed 4 years ago

markheger commented 4 years ago

Vulnerable jar found: jackson-databind-2.6.7.1.jar

CVEs CVE-2018-5968 CVE-2017-7525 CVE-2017-17485

markheger commented 4 years ago

suggest to replace the jar with the version 2.9.10.4 in pom.xml

<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.9.10.4</version>
</dependency>