tika-dev mailing list archives

From "Alex Ott (Jira)" <j...@apache.org>
Subject [jira] [Commented] (TIKA-2960) Detected 1 vulnerable components: [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8
Date Sun, 13 Oct 2019 09:03:00 GMT

    [ https://issues.apache.org/jira/browse/TIKA-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16950248#comment-16950248 ]

Alex Ott commented on TIKA-2960:
--------------------------------

The changes are already in master.

> Detected 1 vulnerable components: [ERROR]   com.fasterxml.jackson.core:jackson-databind:jar:2.9.8
> -------------------------------------------------------------------------------------------------
>
>                 Key: TIKA-2960
>                 URL: https://issues.apache.org/jira/browse/TIKA-2960
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Ramesh Thumati
>            Priority: Major
>
> I am trying to deploy my project to the central.sonatype repository. During that I hit the following vulnerabilities reported:
> [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.1:audit (audit-dependencies) on project fscrawler-framework: Detected 1 vulnerable components:
> [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
> [ERROR] * [CVE-2019-12086] Information Exposure (7.5); https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
> [ERROR] * [CVE-2019-12814] Information Exposure (5.9); https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7
> [ERROR] * [CVE-2019-12384] Deserialization of Untrusted Data (5.9); https://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125
> [ERROR] * [CVE-2019-14439] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo... (7.5); https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c
> [ERROR] * [CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles de... (9.8); https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9
> [ERROR] * [CVE-2019-14540] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2... (0.0); https://ossindex.sonatype.org/vuln/fc1e8802-77e5-458f-b987-eb778c6ac2fc
> [ERROR] * [CVE-2019-16335] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2... (0.0); [https://ossindex.sonatype.org/vuln/3242fdc1-bfe9-46a6-af0c-0b8f57f56eb7]
> Not getting what is the issue here. Anyone please check and make me understand the issue and how can resolve that?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
