search

aws / amazon-kinesis-video-streams-parser-library

Amazon Kinesis Video Streams parser library is for developers to include in their applications that makes it easy to work with the output of video streams such as retrieving frame-level objects, metadata for fragments, and more.
Apache License 2.0
103 stars 52 forks source link

Current build has Transitive Depency on Jackson jar that has a Vulnerability w/score 9.8 #122

Closed chrisfabri closed 3 years ago

chrisfabri commented 3 years ago

Library amazon-kinesis-video-streams-parser-library:1.0.15 has a transitive dependency on

But this depndency has a vulnerability with score 9.8 associated with it.

Dependency: MAVEN - com.fasterxml.jackson.core:jackson-databind:2.6.7.4:jar

  RejectReasons (1)

    RejectReason:   99234216-fe64-4e14-bc93-efc5c238e539

      Type:               VULNERABILITY

      Name:               SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111

      CVSS Score v3:      9.8

      Severity:           severe

      Description Link:   https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111

Dependency: MAVEN - com.fasterxml.jackson.core:jackson-annotations:2.6.0:jar
hassanctech commented 3 years ago

It has been updated, please feel free to close this ticket if that works for you.