Closed sonatype-depshield[bot] closed 5 years ago
@DarthHater - looks like we get this dep via inheritance from core, think this issue should probably be closed since there's not much this repo can do about it?
Not technically, we can update to Nexus Repo 3.15 (which just went live). That's likely the course of action on these if it's something we get from the parent.
Vulnerabilities
DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.9.2 results in the following vulnerability(s):
Occurrences
com.fasterxml.jackson.core:jackson-databind:2.9.2 is a transitive dependency introduced by the following direct dependency(s):
• org.sonatype.nexus:nexus-plugin-api:3.14.0-04 └─ com.fasterxml.jackson.core:jackson-databind:2.9.2 └─ org.sonatype.nexus:nexus-blobstore-api:3.14.0-04 └─ com.fasterxml.jackson.core:jackson-databind:2.9.2
• org.sonatype.nexus:nexus-repository:3.14.0-04 └─ org.sonatype.nexus:nexus-orient:3.14.0-04 └─ com.orientechnologies:orientdb-server:2.2.36 └─ com.orientechnologies:orientdb-tools:2.2.36 └─ com.fasterxml.jackson.core:jackson-databind:2.9.2 └─ com.fasterxml.jackson.datatype:jackson-datatype-joda:2.9.2 └─ com.fasterxml.jackson.core:jackson-databind:2.9.2 └─ com.fasterxml.jackson.core:jackson-databind:2.9.2
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.