CVE-2019-14540 (High) detected in jackson-databind-2.9.7.jar #59
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2019-14540 - High Severity Vulnerability
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/spring-boot/spring-boot-project/spring-boot/pom.xml
Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.7/jackson-databind-2.9.7.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.7/jackson-databind-2.9.7.jar,epository/com/fasterxml/jackson/core/jackson-databind/2.9.7/jackson-databind-2.9.7.jar
Dependency Hierarchy:
Found in HEAD commit: 704515b08f76c8c866bd5ac9de9e14d3dda7d671
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Publish Date: 2019-09-15
URL: CVE-2019-14540
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x
Release Date: 2019-09-15
Fix Resolution: 2.9.10
The text was updated successfully, but these errors were encountered: