chore(deps): update dependency com.fasterxml.jackson.core:jackson-databind to v2.12.7.1 - autoclosed #300
Security Report
You have successfully remediated 32 vulnerabilities, but introduced 2 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | Vulnerable Library | Suggested Fix | Issue | |
---|---|---|---|---|---|
CVE-2018-14040Path to vulnerable library: /templates/static-website-template/app/js/bootstrap.js,/core/jazz-web/js/bootstrap.js Dependency Hierarchy: -> ❌ bootstrap-3.3.5.js (Vulnerable Library) |
3.7 | bootstrap-3.3.5.js | Upgrade to version: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | #46 | |
CVE-2018-14040Path to dependency file: /templates/static-website-template/app/index.html Path to vulnerable library: /templates/static-website-template/app/js/bootstrap.min.js,/core/jazz-web/js/bootstrap.min.js,/core/jazz-web/js/bootstrap.min.js,/templates/static-website-template/app/js/bootstrap.min.js Dependency Hierarchy: -> ❌ bootstrap-3.3.5.min.js (Vulnerable Library) |
3.7 | bootstrap-3.3.5.min.js | Upgrade to version: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | #46 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
CVE-2020-25649 | jackson-databind-2.9.10.4.jar |
CVE-2020-35490 | jackson-databind-2.9.10.4.jar |
CVE-2020-36187 | jackson-databind-2.9.10.4.jar |
CVE-2022-42004 | jackson-databind-2.9.10.4.jar |
CVE-2020-14062 | jackson-databind-2.9.10.4.jar |
CVE-2020-36181 | jackson-databind-2.9.10.4.jar |
CVE-2020-36184 | jackson-databind-2.9.10.4.jar |
CVE-2020-24616 | jackson-databind-2.9.10.4.jar |
CVE-2022-42003 | jackson-databind-2.10.0.jar |
CVE-2020-36183 | jackson-databind-2.9.10.4.jar |
CVE-2020-35491 | jackson-databind-2.9.10.4.jar |
CVE-2020-14061 | jackson-databind-2.9.10.4.jar |
CVE-2022-42004 | jackson-databind-2.10.0.jar |
CVE-2020-36179 | jackson-databind-2.9.10.4.jar |
CVE-2020-36189 | jackson-databind-2.9.10.4.jar |
CVE-2024-28849 | follow-redirects-1.15.5.tgz |
CVE-2020-36188 | jackson-databind-2.9.10.4.jar |
CVE-2020-36185 | jackson-databind-2.9.10.4.jar |
CVE-2024-29041 | express-4.18.3.tgz |
CVE-2020-36182 | jackson-databind-2.9.10.4.jar |
CVE-2020-14060 | jackson-databind-2.9.10.4.jar |
CVE-2021-20190 | jackson-databind-2.9.10.4.jar |
CVE-2020-36518 | jackson-databind-2.9.10.4.jar |
CVE-2020-35728 | jackson-databind-2.9.10.4.jar |
CVE-2020-14195 | jackson-databind-2.9.10.4.jar |
CVE-2022-42003 | jackson-databind-2.9.10.4.jar |
CVE-2020-24750 | jackson-databind-2.9.10.4.jar |
CVE-2020-36180 | jackson-databind-2.9.10.4.jar |
CVE-2020-36518 | jackson-databind-2.10.0.jar |
CVE-2020-25649 | jackson-databind-2.10.0.jar |
CVE-2021-46877 | jackson-databind-2.10.0.jar |
CVE-2020-36186 | jackson-databind-2.9.10.4.jar |
Base branch total remaining vulnerabilities: 111
Base branch commit: 712665b267203375ee4b15e1f8d1ebe08abc1547
Total libraries scanned: 1638
Scan token: 62805413518d45d08e551e87df4166d3