sultanabubaker / basic-gradle-template

MIT License
0 stars 1 forks source link

CVE-2019-14540 (High) detected in jackson-databind-2.6.3.jar - autoclosed #13

Closed dev-mend-for-github-com[bot] closed 2 years ago

dev-mend-for-github-com[bot] commented 2 years ago

CVE-2019-14540 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.6.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.3/5c4fcae53dd82e2c549b8322d78c6ff47c94c8a8/jackson-databind-2.6.3.jar

Dependency Hierarchy: - mmtf-serialization-1.0.8.jar (Root Library) - jackson-dataformat-msgpack-0.7.1.jar - :x: **jackson-databind-2.6.3.jar** (Vulnerable Library)

Found in HEAD commit: b874bd2741628d035b5d06e7b312f127340324bf

Found in base branch: master

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Publish Date: 2019-09-15

URL: CVE-2019-14540

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540

Release Date: 2019-09-15

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10,2.10.0.pr3,2.11.0.rc1

dev-mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.