square / square-java-sdk

Java client library for the Square API
https://developer.squareup.com

There is a vulnerability in jackson-databind 2.9.10.53, upgrade recommended #49

Closed QiAnXinCodeSafe closed 2 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/square/square-java-sdk/blob/fef73742f81cba42101cf91e90794a46d65c79bd/pom.xml#L121

CVE-2021-20190, CVE-2020-24616, CVE-2020-36179, CVE-2020-36181, CVE-2020-36183

Recommended upgrade version: 2.9.10.8

wolfadex commented 2 years ago

The latest SDK has an updated version of jackson-databind.