Closed SunBK201 closed 1 day ago
Hi @SunBK201, all of the reference links for GHSA-qxxx-2pp7-5hmx that I checked say that versions of com.fasterxml.jackson.core:jackson-databind
prior to version 2.6.0 are affected by CVE-2017-7525. I'm unable to find any evidence in
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind or the reference links of GHSA-qxxx-2pp7-5hmx to demonstrate that com.fasterxml.jackson.core:jackson-databind
prior to version 2.6.0 is not affected by CVE-2017-7525. Unless you are able to find evidence that versions prior to 2.6.0 aren't vulnerable, I can't accept the contribution.
Updates
Comments https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind