Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency com.fasterxml.jackson.core:jackson-databind to v2.12.7.1 - autoclosed #300

Closed
wants to merge 1 commit into from

chore(deps): update dependency com.fasterxml.jackson.core:jackson-dat…

cb58207
Select commit
Loading
Failed to load commit list.
Closed

chore(deps): update dependency com.fasterxml.jackson.core:jackson-databind to v2.12.7.1 - autoclosed #300

chore(deps): update dependency com.fasterxml.jackson.core:jackson-dat…
cb58207
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed May 4, 2024 in 12m 29s

Security Report

You have successfully remediated 32 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2018-14040

Path to vulnerable library: /templates/static-website-template/app/js/bootstrap.js,/core/jazz-web/js/bootstrap.js

Dependency Hierarchy:

-> ❌ bootstrap-3.3.5.js (Vulnerable Library)

Low 3.7 bootstrap-3.3.5.js Upgrade to version: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 #46
CVE-2018-14040

Path to dependency file: /templates/static-website-template/app/index.html

Path to vulnerable library: /templates/static-website-template/app/js/bootstrap.min.js,/core/jazz-web/js/bootstrap.min.js,/core/jazz-web/js/bootstrap.min.js,/templates/static-website-template/app/js/bootstrap.min.js

Dependency Hierarchy:

-> ❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Low 3.7 bootstrap-3.3.5.min.js Upgrade to version: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 #46

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-25649 jackson-databind-2.9.10.4.jar
CVE-2020-35490 jackson-databind-2.9.10.4.jar
CVE-2020-36187 jackson-databind-2.9.10.4.jar
CVE-2022-42004 jackson-databind-2.9.10.4.jar
CVE-2020-14062 jackson-databind-2.9.10.4.jar
CVE-2020-36181 jackson-databind-2.9.10.4.jar
CVE-2020-36184 jackson-databind-2.9.10.4.jar
CVE-2020-24616 jackson-databind-2.9.10.4.jar
CVE-2022-42003 jackson-databind-2.10.0.jar
CVE-2020-36183 jackson-databind-2.9.10.4.jar
CVE-2020-35491 jackson-databind-2.9.10.4.jar
CVE-2020-14061 jackson-databind-2.9.10.4.jar
CVE-2022-42004 jackson-databind-2.10.0.jar
CVE-2020-36179 jackson-databind-2.9.10.4.jar
CVE-2020-36189 jackson-databind-2.9.10.4.jar
CVE-2024-28849 follow-redirects-1.15.5.tgz
CVE-2020-36188 jackson-databind-2.9.10.4.jar
CVE-2020-36185 jackson-databind-2.9.10.4.jar
CVE-2024-29041 express-4.18.3.tgz
CVE-2020-36182 jackson-databind-2.9.10.4.jar
CVE-2020-14060 jackson-databind-2.9.10.4.jar
CVE-2021-20190 jackson-databind-2.9.10.4.jar
CVE-2020-36518 jackson-databind-2.9.10.4.jar
CVE-2020-35728 jackson-databind-2.9.10.4.jar
CVE-2020-14195 jackson-databind-2.9.10.4.jar
CVE-2022-42003 jackson-databind-2.9.10.4.jar
CVE-2020-24750 jackson-databind-2.9.10.4.jar
CVE-2020-36180 jackson-databind-2.9.10.4.jar
CVE-2020-36518 jackson-databind-2.10.0.jar
CVE-2020-25649 jackson-databind-2.10.0.jar
CVE-2021-46877 jackson-databind-2.10.0.jar
CVE-2020-36186 jackson-databind-2.9.10.4.jar

Base branch total remaining vulnerabilities: 111
Base branch commit: 712665b267203375ee4b15e1f8d1ebe08abc1547


Total libraries scanned: 1638

Scan token: 62805413518d45d08e551e87df4166d3

View more details on Mend for GitHub.com