WebGoat/WebGoat-Legacy

[DepShield] Usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 results in vulnerability to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

sonatype-depshield opened this issue · 1 comments

This application's usage of com.fasterxml.jackson.core:jackson-databind:2.0.4 causes a vulnerability to [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data with a CVSS score of 9.8. Details about the vulnerability are available on the OSS Index page for [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data.

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

Thank you for being an early adopter of DepShield. In an effort provide a
more component-centric view of vulnerabilities we are consolidating your
issue(s), moving them to a new format, and closing this issue. You can
find the new issue here: #73