Hi, I was checking the information that we have available for jackson-databind:2.6.7.4 on NIST NVD and it is showing Vulnerabilities (CVEs) that are already fixed.
Link for jackson-databind:2.6.7.4: https://nvd.nist.gov/products/cpe/detail/844569 Link for the vulnerabilities list "here <https://nvd.nist.gov/vuln/search/results?adv_search=true&query=cpe%3A2.3%3Aa%3Afasterxml%3Ajackson-databind%3A2.6.7.4%3A*%3A*%3A*%3A*%3A*%3A*%3A*> ". List of vulnerabilities fixed and the corresponding fixed version: CVE | Fixed version CVE-2018-11307 | 2.6.7.3 CVE-2019-16942 | 2.6.7.3 CVE-2020-9547 | 2.6.7.4 CVE-2019-20330 | 2.6.7.4 CVE-2020-8840 | 2.6.7.4 CVE-2020-9546 | 2.6.7.4 CVE-2020-9548 | 2.6.7.4 CVE-2019-16335 | 2.6.7.3 CVE-2017-15095 | 2.6.7.2 CVE-2019-14893 | 2.6.7.3 CVE-2019-17267 | 2.6.7.3 CVE-2019-14540 | 2.6.7.3 CVE-2020-11111 | 2.6.7.4 CVE-2020-11113 | 2.6.7.4 CVE-2020-10672 | 2.6.7.4 CVE-2020-10969 | 2.6.7.4 CVE-2020-10968 | 2.6.7.4 CVE-2020-10673 | 2.6.7.4 CVE-2020-11112 | 2.6.7.4 CVE-2020-14060 | 2.6.7.4 CVE-2020-11620 | 2.6.7.4 CVE-2020-24616 | 2.6.7.4 CVE-2020-14195 | 2.6.7.4 CVE-2020-11619 | 2.6.7.4 CVE-2020-24750 | 2.6.7.4 CVE-2020-14061 | 2.6.7.4 CVE-2020-14062 | 2.6.7.4 Please let me know if you are aware of it, and when are you expecting to have this fixed. Best regards, -- The content of this email is confidential and intended for the recipient specified in message only. It is strictly prohibited to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future. -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/2fb7c750-4f62-4154-a753-808e79c64a7an%40googlegroups.com.
