Closed MagielBruntink closed 2 years ago
Thanks for reporting the issue. I can also take a look at the issue if someone else is not.
@MagielBruntink, I have looked at the vuln. statement for CVE-2020-36518. It does have the version 2.13.2 declared as vulnerable. See the extracted PURLs:
"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2"
I might not have understood what is exactly the issue.
Nice, yesterday it didn't :-)
2.13.2.0 and 2.12.6.0 for comparison https://github.com/advisories/GHSA-57j2-w4cx-62h2
Fix would be to make the version range enumeration and matching more robust against this.
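As an added illustration of the matching problem discussed in this thread (example code, not from the project or any commenter): the two PURLs quoted above are used as the vulnerable-version list, and a four-component artifact version such as `2.13.2.0` is checked against it. Plain string equality misses it; a numeric comparison that drops trailing zero components (one possible hardening, assumed here, not the project's chosen fix) catches it.

```python
"""Matching an artifact version against a vulnerable-version list.

Added example, not code from the project in the thread. It assumes the
vulnerable versions are taken from PURLs like the two quoted above and
that the version under test may carry an extra trailing component
(e.g. "2.13.2.0"), which naive string matching does not recognise.
"""
import re
from typing import List, Tuple

# Constructed input: the two PURLs quoted in the thread.
VULNERABLE_PURLS = [
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
]


def purl_version(purl: str) -> str:
    """Return the version part of a PURL (text after the last '@')."""
    return purl.rsplit("@", 1)[1]


def version_key(version: str) -> Tuple[int, ...]:
    """Normalise a dotted numeric version to a tuple of ints, dropping
    trailing zero components so '2.13.2.0' and '2.13.2' compare equal.
    Non-numeric components (e.g. '-rc1') raise ValueError."""
    parts = version.split(".")
    if not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"non-numeric version component in {version!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def naive_match(version: str, purls: List[str]) -> bool:
    """String equality: the fragile behaviour the thread reports."""
    return version in {purl_version(p) for p in purls}


def robust_match(version: str, purls: List[str]) -> bool:
    """Numeric, trailing-zero-insensitive comparison; unparsable input
    is treated as non-matching rather than raising."""
    try:
        key = version_key(version)
    except ValueError:
        return False
    return key in {version_key(purl_version(p)) for p in purls}


if __name__ == "__main__":
    for v in ("2.13.2", "2.13.2.0", "2.12.6.0"):
        print(v, "naive:", naive_match(v, VULNERABLE_PURLS),
              "robust:", robust_match(v, VULNERABLE_PURLS))
```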