Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.10.0 in branch master
A flaw was found in FasterXML Jackson Databind before 2.6.7.4, 2.7.0 through 2.9.10.6, and 2.10.0 through 2.10.5, where it did not have entity expansion secured properly. This flaw makes it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Namespace: ytang1-godaddy
Repository: aws-cdk-examples
Repository Url: https://github.com/ytang1-godaddy/aws-cdk-examples
CxAST-Project: ytang1-godaddy/aws-cdk-examples
CxAST platform scan: 1cfbbe99-19ba-4d92-b481-354c9053d01f
Branch: master
Application: aws-cdk-examples
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-611
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: NONE
Remediation Upgrade Recommendation: 2.12.6.1
References
Advisory
Issue
Issue
Commit
Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.10.0 in branch master
A flaw was found in FasterXML Jackson Databind before 2.6.7.4, 2.7.0 through 2.9.10.6, and 2.10.0 through 2.10.5, where it did not have entity expansion secured properly. This flaw makes it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Namespace: ytang1-godaddy
Repository: aws-cdk-examples
Repository Url: https://github.com/ytang1-godaddy/aws-cdk-examples
CxAST-Project: ytang1-godaddy/aws-cdk-examples
CxAST platform scan: 1cfbbe99-19ba-4d92-b481-354c9053d01f
Branch: master
Application: aws-cdk-examples
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-611
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: NONE
Remediation Upgrade Recommendation: 2.12.6.1
References
Advisory
Issue
Issue
Commit