CVE-2023-5072 & CVE-2022-45688 found in jackson-core 2.16.0
KaeYan93 opened this issue · 3 comments
Hi jackson-core team,
When I scan my application, I saw 2 security vulnerabilities found by the OWASP dependency check tool.
Can I confirm that for 2.16.0, are the following CVE-2023-5072 and CVE-2022-45688 resolved?
Those are not Jackson CVEs. Closing.
Hi, is jackson using org.json? This is the CVE of org.json and jackson is using this dependency.
Can I confirm the current version of org.json jackson is using?
I cannot find this transitive dependency from my IDE dependency analyzer though.
@KaeYan93 Do your research first before filing issues that waste time of the development team.
We are not here to answer questions you are too lazy to find answers for on your own.
You should be able to quite easily figure out whether jackson-core uses org.json library or not: it does not, as per pom.xml that lists dependencies.
Or use https://mvnrepository.com: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core to see dependencies.
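The pom.xml check described in the last comment, as an added example that is not part of the thread or the Jackson project's code: it lists the direct dependencies a POM declares and reports whether a given groupId is among them. The sample POM is constructed for illustration (it is not jackson-core's pom.xml), the function names are hypothetical, and parent POMs and transitive dependencies are not resolved.

```python
import xml.etree.ElementTree as ET

# Maven POM files use this XML namespace for every element.
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>sample-lib</artifactId>
  <version>1.0.0</version>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.json</groupId>
        <artifactId>json</artifactId>
        <version>0.0.0-placeholder</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>test-helper</artifactId>
      <version>1.0.0</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>
"""

def declared_dependencies(pom_xml):
    """Return (groupId, artifactId, scope) for each direct dependency.

    Only project/dependencies is read. Entries under dependencyManagement
    pin versions but do not add a dependency, so they are skipped; a
    scanner that treats them as shipped code would report a false positive.
    """
    root = ET.fromstring(pom_xml)
    deps = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        scope = dep.findtext("m:scope", default="compile", namespaces=NS).strip()
        deps.append((group, artifact, scope))
    return deps

def declares_group(pom_xml, group_id):
    """True if the POM directly declares a dependency with this groupId."""
    return any(g == group_id for g, _, _ in declared_dependencies(pom_xml))
```
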