This repository has been archived by the owner on Aug 17, 2020. It is now read-only.
[DepShield] (CVSS 10.0) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.1.5 #25
Comments
|
com.fasterxml.jackson.core:jackson-databind:2.1.5 APIs are never used in the generated Jackson Modello reader/writer, since we just use the Streaming APIs, does it still the generated code being affected by the CVSS 10.0? |
|
DepShield reports on vulnerabilities in a project's dependent components but does not determine if they are effective. Without knowing how the code is used in Modello, I could not answer that question. It seems that you've done your own review and found it not applicable so we can close this issue. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Vulnerabilities
DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.1.5 results in the following vulnerability(s):
Occurrences
com.fasterxml.jackson.core:jackson-databind:2.1.5 is a transitive dependency introduced by the following direct dependency(s):
• com.fasterxml.jackson.core:jackson-databind:2.1.5
• org.codehaus.modello:modello-plugin-jackson:1.8.4-SNAPSHOT
└─ com.fasterxml.jackson.core:jackson-databind:2.1.5
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
The text was updated successfully, but these errors were encountered: