2

I have tried all the versions of jackson-databind (including version suggested on whitesource fix), but all the version for jackson-databind showing vulnerability on whitesource scan.

Below is the description of the issue and we can also see the WhiteSource Note : enter image description here

Can someone help me here to resolve this?

Note: I am using jackson-databind dependency so can not exclude it in pom.xml

Brajesh Jha
  • 31
  • 4

1 Answers1

0

The fix for it on the way. Thanks to the open source community. In mean time if there is possibility of a waiver, please request from your vendor.

More details can be found at https://github.com/FasterXML/jackson-databind/issues/2816

pred
  • 29
  • 7