Current build has Transitive Depency on Jackson jar that has a Vulnerability w/score 9.8

Question

Current build has Transitive Depency on Jackson jar that has a Vulnerability w/score 9.8

chrisfabri opened this issue 3 years ago · 1 comments

Library amazon-kinesis-video-streams-parser-library:1.0.15 has a transitive dependency on

com.fasterxml.jackson.core:jackson-databind:2.6.7.4:jar

But this depndency has a vulnerability with score 9.8 associated with it.

Dependency: MAVEN - com.fasterxml.jackson.core:jackson-databind:2.6.7.4:jar

  RejectReasons (1)

    RejectReason:   99234216-fe64-4e14-bc93-efc5c238e539

      Type:               VULNERABILITY

      Name:               SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111

      CVSS Score v3:      9.8

      Severity:           severe

      Description Link:   https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111

Dependency: MAVEN - com.fasterxml.jackson.core:jackson-annotations:2.6.0:jar

Answer 1 · 2021-06-03T17:42:39.000Z

It has been updated, please feel free to close this ticket if that works for you.