Skip to content
This repository has been archived by the owner on Jul 10, 2024. It is now read-only.

here is a vulnerability in jackson-databind 1.9.13,upgrade recommended #473

Open
QiAnXinCodeSafe opened this issue Dec 9, 2020 · 0 comments
Open

here is a vulnerability in jackson-databind 1.9.13,upgrade recommended #473

QiAnXinCodeSafe opened this issue Dec 9, 2020 · 0 comments
Labels
dependencies Pull requests that update a dependency file

Comments

@QiAnXinCodeSafe
Copy link

submarine/pom.xml

Line 120 in 3041ef2

<codehaus-jackson.version>1.9.13</codehaus-jackson.version>

CVE-2017-15095 CVE-2018-7489 CVE-2019-14540 CVE-2019-16335 CVE-2019-17267 CVE-2019-14893 CVE-2018-5968 CVE-2019-10172 CVE-2018-1000873
Recommended upgrade version:

2.6.7.4
@jiwq jiwq added the dependencies Pull requests that update a dependency file label Dec 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jiwq @QiAnXinCodeSafe