[DepShield] com.fasterxml.jackson.core:jackson-databind:2.8.11 is vulnerable to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

alexgaspard / moneytransfer

MIT License

0 stars 0 forks source link

[DepShield] com.fasterxml.jackson.core:jackson-databind:2.8.11 is vulnerable to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data #1

Closed sonatype-depshield[bot] closed 5 years ago

sonatype-depshield[bot] commented 5 years ago

Component: com.fasterxml.jackson.core:jackson-databind:2.8.11
CVSS Score: 9.8
Vulnerability: [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

sonatype-depshield[bot] commented 5 years ago

Thank you for being an early adopter of DepShield. In an effort provide a more component-centric view of vulnerabilities we are consolidating your issue(s), moving them to a new format, and closing this issue. You can find the new issue here: #3