Skip to content
This repository was archived by the owner on Jan 19, 2023. It is now read-only.

jackson-databind: CVE-2019-14379 and CVE-2019-14439 #24

Closed
msymons opened this issue Aug 6, 2019 · 1 comment
Closed

jackson-databind: CVE-2019-14379 and CVE-2019-14439 #24

msymons opened this issue Aug 6, 2019 · 1 comment

Comments

@msymons
Copy link

msymons commented Aug 6, 2019

URL: CVE-2019-14379 and CVE-2019-14439
format: maven
name: com.fasterxml.jackson.core:jackson-databind
versions: < 2.9.9.3

Note that the fix version that I give here is not the same as that listed in the CVE (2.9.9.2). That's because 2.9.9.2 introduced a recursion:

FasterXML/jackson-databind#2395

Example purl that should link to the CVE in OSS Index:

pkg:maven/com.fasterxml.jackson.core/[email protected]?type=jar
@ken-duck
Copy link
Contributor

We had an exception preventing the processing of some CVEs. This has been resolved. Thanks for the heads up!

https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@msymons @ken-duck