[ https://issues.apache.org/jira/browse/TIKA-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16950248#comment-16950248 ]
Alex Ott commented on TIKA-2960:
--------------------------------

the changes are already in master

> Detected 1 vulnerable components: [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8
> -------------------------------------------------------------------------------------------------
>
>                 Key: TIKA-2960
>                 URL: https://issues.apache.org/jira/browse/TIKA-2960
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Ramesh Thumati
>            Priority: Major
>
> I am trying to deploy my project central.sonatype repository. During that I
> hit the following vulnerabilities reported:
> [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.1:audit (audit-dependencies) on project fscrawler-framework: Detected 1 vulnerable components:
> [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> [ERROR] * [CVE-2019-12086] Information Exposure (7.5); https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
> [ERROR] * [CVE-2019-12814] Information Exposure (5.9); https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7
> [ERROR] * [CVE-2019-12384] Deserialization of Untrusted Data (5.9); https://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125
> [ERROR] * [CVE-2019-14439] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo... (7.5); https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c
> [ERROR] * [CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles de... (9.8); https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9
> [ERROR] * [CVE-2019-14540] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2... (0.0); https://ossindex.sonatype.org/vuln/fc1e8802-77e5-458f-b987-eb778c6ac2fc
> [ERROR] * [CVE-2019-16335] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2... (0.0); [https://ossindex.sonatype.org/vuln/3242fdc1-bfe9-46a6-af0c-0b8f57f56eb7]
>
> not getting what is the issue here. anyone please check and make me
> understand the issue and how can resolve that?

--
This message was sent by Atlassian Jira
(v8.3.4#803005)