Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High - CVE-2020-25649 - jackson-databind-2.10.3.jar #126

Open
elvinfucom opened this issue Jan 7, 2021 · 1 comment
Open

High - CVE-2020-25649 - jackson-databind-2.10.3.jar #126

elvinfucom opened this issue Jan 7, 2021 · 1 comment

Comments

@elvinfucom
Copy link

Expected Behavior

Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.11.0.rc1,2.10.5,2.9.10.7,2.6.7.4
Message: Upgrade to version
Details: FasterXML/jackson-databind#2589

Actual Behavior

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
@elvinfucom elvinfucom mentioned this issue Jan 7, 2021
Closed
@bemanuel
Copy link

bemanuel commented Jul 5, 2023

This was solved, right? Checking the pom.xml jackson library is 2.14

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elvinfucom @bemanuel