CVE-2018-11307 (Medium) detected in jackson-databind-2.8.9.jar #422
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-11307 - Medium Severity Vulnerability
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /infiniboard/harvester/build.gradle
Path to vulnerable library: /root/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.9/4dfca3975be3c1a98eacb829e70f02e9a71bc159/jackson-databind-2.8.9.jar,/root/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.9/4dfca3975be3c1a98eacb829e70f02e9a71bc159/jackson-databind-2.8.9.jar
Dependency Hierarchy:
Found in HEAD commit: 743bd280ef9d3a3127ed7f904cd5dddec872618a
jackson-databind has a Potential information exfiltration with default typing. versions 2.7.9.x < 2.7.9.4, 2.8.x < 2.8.11.2, 2.9.x < 2.9.6
Publish Date: 2018-12-13
URL: CVE-2018-11307
Base Score Metrics not available
Type: Upgrade version
Origin: FasterXML/jackson-databind#2032
Release Date: 2019-03-17
Fix Resolution: jackson-databind-2.9.6
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: