Adding Jackson BOM to core to ensure jackson version inheritance.

Fix: Resolve vulnerabilities in `jackson-databind`

This PR addresses high-severity vulnerabilities identified in the `jackson-databind` library. Below is the list of vulnerabilities that have been resolved:

Resolved Vulnerabilities:

- `com.fasterxml.jackson.core:jackson-databind`
  - Vulnerability: CVE-2020-36518
    - Severity: High
    - Issue: Denial of Service via a large depth of nested objects.
    - Resolution: Upgraded from 2.11.3 to 2.13.2.1.
  - Vulnerability: CVE-2021-46877
    - Severity: High
    - Issue: Possible Denial of Service if using JDK serialization to serialize `JsonNode`.
    - Resolution: Upgraded from 2.11.3 to 2.13.1.
  - Vulnerability: CVE-2022-42003
    - Severity: High
    - Issue: Vulnerability with deep wrapper array nesting related to `UNWRAP_SINGLE_VALUE_ARRAYS`.
    - Resolution: Upgraded from 2.11.3 to 2.13.4.2.
  - Vulnerability: CVE-2022-42004
    - Severity: High
    - Issue: Use of deeply nested arrays can lead to potential issues.
    - Resolution: Upgraded from 2.11.3 to 2.13.4.

By upgrading to a secure version of `jackson-databind`, this PR ensures enhanced security and mitigates the risks associated with these vulnerabilities. Please review and approve.
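The following is an added illustration of what "adding the Jackson BOM to core for version inheritance" looks like in Maven; it is not the diff of this PR. The `org.example` / `core-parent` coordinates are placeholders, and the BOM version is set to 2.13.4.2 because that is the highest of the four fixed versions listed above (confirm that a matching `jackson-bom` release is available on Maven Central before adopting it). The Jackson BOM artifact (`com.fasterxml.jackson:jackson-bom`) is real; everything else here is constructed for the example.

```xml
<!-- Added example, not the PR's own change: a parent/core pom.xml that imports the
     Jackson BOM so every module inherits one consistent Jackson version.
     groupId/artifactId below are placeholders; 2.13.4.2 is the highest fixed
     version listed in the PR (assumption: the matching jackson-bom release exists). -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>          <!-- placeholder -->
  <artifactId>core-parent</artifactId>    <!-- placeholder -->
  <version>1.0.0-SNAPSHOT</version>
  <packaging>pom</packaging>

  <properties>
    <!-- One place to bump Jackson; the BOM propagates it to every Jackson artifact. -->
    <jackson.version>2.13.4.2</jackson.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <!-- The BOM pins jackson-core, jackson-annotations, jackson-databind and the
           dataformat/module artifacts to matching versions. Because it sits in
           dependencyManagement, it also overrides versions pulled in transitively,
           so a stale 2.11.3 brought in by another library cannot win resolution. -->
      <dependency>
        <groupId>com.fasterxml.jackson</groupId>
        <artifactId>jackson-bom</artifactId>
        <version>${jackson.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- No <version> element here: it is inherited from the BOM. -->
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
    </dependency>
  </dependencies>
</project>
```

To check that the inheritance actually took effect after the change, run `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core` in the affected module and confirm that `jackson-databind` resolves to the BOM-managed version rather than 2.11.3; with `-Dverbose` Maven also reports which transitive versions were overridden by dependency management.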