-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
High - CVE-2020-25649 - jackson-databind-2.10.3.jar #126
Comments
This was solved, right? Checking the pom.xml jackson library is 2.14 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.11.0.rc1,2.10.5,2.9.10.7,2.6.7.4
Message: Upgrade to version
Details: FasterXML/jackson-databind#2589
Actual Behavior
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
The text was updated successfully, but these errors were encountered: