Ramesh Thumati created TIKA-2960:
------------------------------------
Summary: Detected 1 vulnerable components: [ERROR]
com.fasterxml.jackson.core:jackson-databind:jar:2.9.8
Key: TIKA-2960
URL: https://issues.apache.org/jira/browse/TIKA-2960
Project: Tika
Issue Type: Bug
Reporter: Ramesh Thumati
I am trying to deploy my project to the central.sonatype repository. While doing that, I hit
the following reported vulnerabilities:
[ERROR] Failed to execute goal
org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.1:audit
(audit-dependencies) on project fscrawler-framework: Detected 1 vulnerable
components:
[ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile;
https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
[ERROR] * [CVE-2019-12086] Information Exposure (7.5);
https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
[ERROR] * [CVE-2019-12814] Information Exposure (5.9);
https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7
[ERROR] * [CVE-2019-12384] Deserialization of Untrusted Data (5.9);
https://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125
[ERROR] * [CVE-2019-14439] A Polymorphic Typing issue was discovered in
FasterXML jackson-databind 2.x befo... (7.5);
https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c
[ERROR] * [CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind
before 2.9.9.2 mishandles de... (9.8);
https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9
[ERROR] * [CVE-2019-14540] A Polymorphic Typing issue was discovered in
FasterXML jackson-databind before 2... (0.0);
https://ossindex.sonatype.org/vuln/fc1e8802-77e5-458f-b987-eb778c6ac2fc
[ERROR] * [CVE-2019-16335] A Polymorphic Typing issue was discovered in
FasterXML jackson-databind before 2... (0.0);
https://ossindex.sonatype.org/vuln/3242fdc1-bfe9-46a6-af0c-0b8f57f56eb7
I do not understand what the issue is here. Could anyone please check and help me understand
the issue and how I can resolve it?
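An added example, not part of the original report or of the ossindex-maven-plugin: a small Python parser for the audit output quoted above that rejoins the mail-wrapped lines and ranks each component's findings by score. The sample text is constructed from lines in this message, and treating a 0.0 score as "not yet scored" rather than "no risk" is an assumption.

```python
import re

# Constructed sample: three findings from the audit output quoted in the issue,
# keeping the mail's line wrapping; the ossindex URLs are omitted.
SAMPLE = """\
[ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile;
[ERROR] * [CVE-2019-12086] Information Exposure (7.5);
[ERROR] * [CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind
before 2.9.9.2 mishandles de... (9.8);
[ERROR] * [CVE-2019-14540] A Polymorphic Typing issue was discovered in
FasterXML jackson-databind before 2... (0.0);
"""
COMPONENT = re.compile(r"\[ERROR\] ([\w.-]+):([\w.-]+):jar:([\w.-]+):\w+;")
FINDING = re.compile(r"\[ERROR\] \* \[(CVE-\d{4}-\d+)\] (.*) \((\d+\.\d+)\);")

def unwrap(text):
    """Rejoin wrapped output: a line without [ERROR] continues the previous one."""
    lines = []
    for raw in filter(None, map(str.strip, text.splitlines())):
        if raw.startswith("[ERROR]") or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw
    return lines

def parse_audit(text):
    """Return {group:artifact:version: [(cve, score, title), ...]}."""
    report, current = {}, None
    for line in unwrap(text):
        if m := COMPONENT.match(line):
            current = ":".join(m.group(1, 2, 3))
            report[current] = []
        elif (m := FINDING.match(line)) and current:
            report[current].append((m.group(1), float(m.group(3)), m.group(2)))
    return report

def triage(findings):
    """Scored findings, highest first; 0.0 kept apart (assumed: not yet scored)."""
    scored = sorted((f for f in findings if f[1] > 0), key=lambda f: -f[1])
    return scored, [f for f in findings if f[1] == 0]

if __name__ == "__main__":
    for component, findings in parse_audit(SAMPLE).items():
        scored, unscored = triage(findings)
        print(component)
        for cve, score, _ in scored:
            print(f"  {score:4.1f}  {cve}")
        for cve, _, _ in unscored:
            print(f"   n/a  {cve}  (no score yet: review manually)")
```

The "before 2.9.9.2" text in the CVE-2019-14379 title is the only fixed-version hint in this output; the other titles are truncated, so their fix versions have to be read from the linked advisories.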