simonbrowndotje
commented
1 year ago This has been resolved upstream and will be reflected in the next release. That said, jackson-*:2.14.1 has a different HIGH vulnerability.
Closed Franco0700 closed 1 year ago
simonbrowndotje
commented
1 year ago This has been resolved upstream and will be reflected in the next release. That said, jackson-*:2.14.1 has a different HIGH vulnerability.
gradle using an old version of jackson-databind. I found the vulnerability using trivy.
Library: com.fasterxml.jackson.core:jackson-databind (jackson-databind-2.13.4.1.jar) Severity: HIGH Vuln: CVE-2022-42003