GHSA-9xfc-j5mf-9w5p Does this vulnerability also contain org.jboss.resteasy:resteasy-jackson-provider?

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.75k stars 336 forks source link

GHSA-9xfc-j5mf-9w5p Does this vulnerability also contain org.jboss.resteasy:resteasy-jackson-provider? #4976

Closed zhangzhenyu2 closed 3 weeks ago

zhangzhenyu2 commented 4 weeks ago

Because I found org.jboss.resteasy/resteasy-jackson-provider/3.0.8. Final also includes JacksonJsonpInterceptor.class

Case:

https://www.acunetix.com/vulnerabilities/sca/cve-2016-6348-vulnerability-in-maven-package-org-jboss-resteasy-resteasy-jackson-provider/
https://www.acunetix.com/vulnerabilities/sca/cve-2016-6348-vulnerability-in-maven-package-org-jboss-resteasy-resteasy-jackson2-provider/

JonathanLEvans commented 3 weeks ago

Hi @zhangzhenyu2, thank you for your contribution. To suggest adding a new package, please use our improvement suggestion form. This will ensure a timely response and you get credit for the change.