Use Moqui Framework to build enterprise applications based on Java. It includes tools for databases (relational, graph, document), local and web services, web and other UI with screens and forms, security, file/resource access, scripts, templates, l10n, caching, logging, search, rules, workflow, multi-instance, and integration.
Path to dependency file: /tmp/ws-scm/moqui-framework/framework/build.gradle
Path to vulnerable library: le/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.9.2/d18b4dec691df396916ecd5bd5aab99d0abdcb15/jackson-databind-2.9.9.2.jar
CVE-2019-14540 - High Severity Vulnerability
Vulnerable Library - jackson-databind-2.9.9.2.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/moqui-framework/framework/build.gradle
Path to vulnerable library: le/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.9.2/d18b4dec691df396916ecd5bd5aab99d0abdcb15/jackson-databind-2.9.9.2.jar
Dependency Hierarchy: - :x: **jackson-databind-2.9.9.2.jar** (Vulnerable Library)
Found in HEAD commit: 95a549e4efda6f7df1960d92888d2e9e6b3b148d
Vulnerability Details
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Publish Date: 2019-09-15
URL: CVE-2019-14540
CVSS 2 Score Details (7.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x
Release Date: 2019-09-15
Fix Resolution: 2.9.10
Step up your Open Source Security Game with WhiteSource here