awslabs / aws-saas-boost

AWS SaaS Boost is a ready-to-use toolset that removes the complexity of successfully running SaaS workloads in the AWS cloud.
Apache License 2.0
957 stars 188 forks

fix(sec): upgrade com.fasterxml.jackson.core:jackson-databind to 2.14.0-rc1 #470

Closed 1derian closed 1 year ago

1derian commented 1 year ago

What happened?

There is 1 security vulnerability found in com.fasterxml.jackson.core:jackson-databind 2.13.4.1

What did I do?

Upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.4.1 to 2.14.0-rc1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

PoeppingT commented 1 year ago

According to the CVE record on https://nvd.nist.gov/vuln/detail/CVE-2022-42003 this issue is only present in Jackson before 2.13.4.1, but is fixed in 2.13.4.1.

Closing this issue as a false alarm.