Skip to content

Remediate High Jackson vulnerability #109

New issue
New issue
Open
Open
Remediate High Jackson vulnerability#109
Assignees
NoopDog
Milestone
Q1 2020 Milestone 2
@Lilalamar

Description

@Lilalamar
Lilalamar
opened on Jan 28, 2020

Snyk reports the following High severity vulnerability in HumanCellAtlas/data-consumer-vignettes. Please remediate by the end of Q1 Milestone 2.

Description
com.fasterxml.jackson.core:jackson-databind

Suggested Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.10.0.pr3, 2.9.10 or higher.

Details
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Two additional net.sf.ehcache gadgets are not blacklisted.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions