Current build has Transitive Depency on Jackson jar that has a Vulnerability w/score 9.8
chrisfabri opened this issue · 1 comments
chrisfabri commented
Library amazon-kinesis-video-streams-parser-library:1.0.15 has a transitive dependency on
- com.fasterxml.jackson.core:jackson-databind:2.6.7.4:jar
But this depndency has a vulnerability with score 9.8 associated with it.
Dependency: MAVEN - com.fasterxml.jackson.core:jackson-databind:2.6.7.4:jar
RejectReasons (1)
RejectReason: 99234216-fe64-4e14-bc93-efc5c238e539
Type: VULNERABILITY
Name: SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111
CVSS Score v3: 9.8
Severity: severe
Description Link: https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111
Dependency: MAVEN - com.fasterxml.jackson.core:jackson-annotations:2.6.0:jar
hassanctech commented
It has been updated, please feel free to close this ticket if that works for you.