tsaekao / verademo-java

The Veracode demo application. A simple Java Web App built using Spring MVC.

CVE: 0000-0000 found in jackson-databind - Version: 2.4.2 [JAVA] #37

Open github-actions[bot] opened 6 months ago

github-actions[bot] commented 6 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | jackson-databind |
| Description | General data-binding functionality for Jackson: works on core streaming API |
| Language | JAVA |
| Vulnerability | Deserialization Of Untrusted Data |
| Vulnerability description | FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there is more than one association gadget type related to the CXF JAX-RS implementation by default. |
| CVE | null |
| CVSS score | 7.5 |
| Vulnerability present in version/s | 2.0.0-RC1-2.7.9 |
| Found library version/s | 2.4.2 |
| Vulnerability fixed in version | 2.7.9.7 |
| Library latest version | 2.16.1 |
| Fix | |

Links:

github-actions[bot] commented 6 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/2

github-actions[bot] commented 6 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/43
