[jira] [Commented] (TIKA-2960) Detected 1 vulnerable components: [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8

Sun, 13 Oct 2019 02:03:20 -0700 


    [ 
https://issues.apache.org/jira/browse/TIKA-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16950248#comment-16950248
 ] 

Alex Ott commented on TIKA-2960:
--------------------------------

the changes are already in master

> Detected 1 vulnerable components: [ERROR]   
> com.fasterxml.jackson.core:jackson-databind:jar:2.9.8
> -------------------------------------------------------------------------------------------------
>
>                 Key: TIKA-2960
>                 URL: https://issues.apache.org/jira/browse/TIKA-2960
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Ramesh Thumati
>            Priority: Major
>
> I am trying to deploy my project central.sonatype repository. During that I 
> hit the following vulnerabilities reported:
> [ERROR] Failed to execute goal 
> org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.1:audit 
> (audit-dependencies) on project fscrawler-framework: Detected 1 vulnerable 
> components:
> [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; 
> https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> [ERROR] * [CVE-2019-12086] Information Exposure (7.5); 
> https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
> [ERROR] * [CVE-2019-12814] Information Exposure (5.9); 
> https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7
> [ERROR] * [CVE-2019-12384] Deserialization of Untrusted Data (5.9); 
> https://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125
> [ERROR] * [CVE-2019-14439] A Polymorphic Typing issue was discovered in 
> FasterXML jackson-databind 2.x befo... (7.5); 
> https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c
> [ERROR] * [CVE-2019-14379] SubTypeValidator.java in FasterXML 
> jackson-databind before 2.9.9.2 mishandles de... (9.8); 
> https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9
> [ERROR] * [CVE-2019-14540] A Polymorphic Typing issue was discovered in 
> FasterXML jackson-databind before 2... (0.0); 
> https://ossindex.sonatype.org/vuln/fc1e8802-77e5-458f-b987-eb778c6ac2fc
> [ERROR] * [CVE-2019-16335] A Polymorphic Typing issue was discovered in 
> FasterXML jackson-databind before 2... (0.0); 
> [https://ossindex.sonatype.org/vuln/3242fdc1-bfe9-46a6-af0c-0b8f57f56eb7]
> not getting what is the issue here. anyone please check and make me 
> understand the issue and how can resolve that?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to