CVE-2018-12023 High Severity Vulnerability detected by WhiteSource #7

mend-bolt-for-github · 2019-01-15T12:53:17Z

CVE-2018-12023 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.8.1.jar

General data-binding functionality for Jackson: works on core streaming API

path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.1/jackson-databind-2.8.1.jar

Dependency Hierarchy:

spring-boot-starter-web-1.4.0.RELEASE.jar (Root Library)
- ❌ jackson-databind-2.8.1.jar (Vulnerable Library)

Vulnerability Details

jackson-databind has a potential remote code execution (RCE) vulnerability. in versions 2.7.9.x. 2.8.x < 2.8.11.2. and version 2.9.4--2.9.5.

Publish Date: 2018-12-13

CVSS 2 Score Details (7.6)

Base Score Metrics not available

Suggested Fix

Type: Change files

Release Date: 2018-06-01

Fix Resolution: Replace or update the following file: SubTypeValidator.java

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 15, 2019