tsaekao / verademo-java

The Veracode demo application. A simple Java Web App built using Spring MVC.

CVE: 2018-11307 found in jackson-databind - Version: 2.4.2 [JAVA] #20

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | jackson-databind |
| Description | General data-binding functionality for Jackson: works on core streaming API |
| Language | JAVA |
| Vulnerability | Remote Code Execution (RCE) |
| Vulnerability description | jackson-databind is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the availability of an allowed gadget type that could be used to perform remote code execution attacks through deserialization. |
| CVE | 2018-11307 |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 2.0.0-RC1-2.7.9.3 |
| Found library version/s | 2.4.2 |
| Vulnerability fixed in version | 2.7.9.4 |
| Library latest version | 2.16.1 |
| Fix | Apply fix patch. |

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/2

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/43