Open TimvdLippe opened 7 years ago
The first three vulnerabilities are false as far as I know, only fasterxml/jackson-xml
was affected, not the other jackson
components. CVE-2015-6420
for commons-collections
exists but is not exploitable. Just bumping the versions removes these warnings.
Using the newly integrated dependency-checker, there are several packages vulnerable to exploits: