CVE-2018-12023 High Severity Vulnerability detected by WhiteSource #5
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-12023 - High Severity Vulnerability
General data-binding functionality for Jackson: works on core streaming API
path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.1/jackson-databind-2.8.1.jar
Library home page: http://github.com/FasterXML/jackson
Dependency Hierarchy:
jackson-databind has a potential remote code execution (RCE) vulnerability. in versions 2.7.9.x. 2.8.x < 2.8.11.2. and version 2.9.4--2.9.5.
Publish Date: 2018-12-13
URL: CVE-2018-12023
Base Score Metrics not available
Type: Change files
Origin: FasterXML/jackson-databind@7487cf7
Release Date: 2018-06-01
Fix Resolution: Replace or update the following file: SubTypeValidator.java
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: