Conversation

@jeff-cycode
Contributor

No description provided.

@endorlabs

endorlabs bot commented Mar 19, 2025

Warning

Endor Labs detected 1 policy violation associated with this pull request.

Please review the findings that caused the policy violations.

📋 Policy: Critical Not Test (3 findings)

📥 Package mvn://com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT

⤵️ Dependency: mvn://com.fasterxml.jackson.core:jackson-databind@2.9.10.3
🚩 GHSA-5p34-5m6p-p58g: jackson-databind mishandles the interaction between serialization gadgets and typing

Details

  • Severity: Critical
  • Tags: Direct, Normal, Potentially Reachable Function, Potentially Reachable Dependency, Fix Available, Blocker
  • Categories: Security Vulnerability
  • Summary: com.fasterxml.jackson.core:jackson-databind@2.9.10.3 has a critical vulnerability identified by GHSA-5p34-5m6p-p58g: jackson-databind mishandles the interaction between serialization gadgets and typing. This vulnerability was fixed in version 2.9.10.4.
    com.fasterxml.jackson.core:jackson-databind@2.9.10.3 is a direct dependency of com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT.
  • Remediation: Update com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT to use com.fasterxml.jackson.core:jackson-databind version 2.9.10.4 (current: 2.9.10.3, latest: 3.0.0-20220708.234610-2817).
🚩 GHSA-q93h-jc49-78gg: jackson-databind mishandles the interaction between serialization gadgets and typing

Details

  • Severity: Critical
  • Tags: Direct, Normal, Potentially Reachable Function, Potentially Reachable Dependency, Fix Available, Blocker
  • Categories: Security Vulnerability
  • Summary: com.fasterxml.jackson.core:jackson-databind@2.9.10.3 has a critical vulnerability identified by GHSA-q93h-jc49-78gg: jackson-databind mishandles the interaction between serialization gadgets and typing. This vulnerability was fixed in version 2.9.10.4.
    com.fasterxml.jackson.core:jackson-databind@2.9.10.3 is a direct dependency of com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT.
  • Remediation: Update com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT to use com.fasterxml.jackson.core:jackson-databind version 2.9.10.4 (current: 2.9.10.3, latest: 3.0.0-20220708.234610-2817).
🚩 GHSA-p43x-xfjf-5jhr: jackson-databind mishandles the interaction between serialization gadgets and typing

Details

  • Severity: Critical
  • Tags: Direct, Normal, Potentially Reachable Function, Potentially Reachable Dependency, Fix Available, Blocker
  • Categories: Security Vulnerability
  • Summary: com.fasterxml.jackson.core:jackson-databind@2.9.10.3 has a critical vulnerability identified by GHSA-p43x-xfjf-5jhr: jackson-databind mishandles the interaction between serialization gadgets and typing. This vulnerability was fixed in version 2.9.10.4.
    com.fasterxml.jackson.core:jackson-databind@2.9.10.3 is a direct dependency of com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT.
  • Remediation: Update com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT to use com.fasterxml.jackson.core:jackson-databind version 2.9.10.4 (current: 2.9.10.3, latest: 3.0.0-20220708.234610-2817).

This comment was automatically generated by Endor Labs.
Scanned @ 03-19-2025 18:44:29 UTC

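The three advisories above share one precondition: an ObjectMapper that resolves arbitrary class names from JSON (default typing, or an Object-typed field under @JsonTypeInfo), so that a gadget class on the classpath can be named by the input. The report's "Potentially Reachable" tags flag exactly that. The following is an added example, not code from this PR or from the Endor Labs report, showing the vulnerable mapper configuration beside a hardened one; it assumes jackson-databind 2.10 or newer (where PolymorphicTypeValidator exists), and the class and field names (JacksonTypingDemo, Event, Note, payload) are hypothetical.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

/**
 * Added example, not code from the PR or the Endor Labs report.
 * Shows the ObjectMapper setup that makes the "serialization gadgets and
 * typing" advisories reachable, beside a hardened setup. Assumes
 * jackson-databind 2.10+ for PolymorphicTypeValidator; names are hypothetical.
 */
public class JacksonTypingDemo {

    /** Hypothetical application type with an untyped field. */
    public static class Event {
        public String name;
        public Object payload;   // Object-typed: default typing applies to this field
    }

    /** Hypothetical payload type the application actually expects. */
    public static class Note {
        public String text;
    }

    /**
     * VULNERABLE: default typing lets the JSON name any non-final class on the
     * classpath, which is the precondition every gadget advisory relies on.
     */
    static ObjectMapper vulnerableMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); // deprecated since 2.10
        return mapper;
    }

    /**
     * HARDENED: polymorphic typing stays on, but only subtypes of Note may be
     * named; any other class id is rejected before the class is instantiated.
     */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Note.class)
                .build();
        return JsonMapper.builder()
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL)
                .build();
    }

    /** Returns the runtime class of the parsed payload, or the rejection reason. */
    static String tryParse(ObjectMapper mapper, String json) {
        try {
            Event e = mapper.readValue(json, Event.class);
            return e.payload == null ? "null" : e.payload.getClass().getName();
        } catch (InvalidTypeIdException ex) {
            return "rejected: " + ex.getMessage();
        } catch (Exception ex) {
            return "error: " + ex;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs. With NON_FINAL default typing an Object-typed value
        // is encoded as ["fully.qualified.Class", {...}].
        String expected = "{\"name\":\"n1\",\"payload\":[\"" + Note.class.getName()
                + "\",{\"text\":\"hello\"}]}";
        // Attacker-shaped input: an unrelated class name in the type slot. A real
        // payload would name a gadget class; an innocuous JDK class is used here.
        String hostile = "{\"name\":\"n2\",\"payload\":[\"java.util.HashMap\",{}]}";

        System.out.println("vulnerable, expected input: " + tryParse(vulnerableMapper(), expected));
        System.out.println("vulnerable, hostile input : " + tryParse(vulnerableMapper(), hostile));
        System.out.println("hardened, expected input  : " + tryParse(hardenedMapper(), expected));
        System.out.println("hardened, hostile input   : " + tryParse(hardenedMapper(), hostile));
    }
}
```

Compile and run with jackson-databind (and its jackson-core and jackson-annotations dependencies) on the classpath. The vulnerable mapper instantiates whatever class the input names, so a hostile class id is accepted; the hardened mapper throws InvalidTypeIdException for anything that is not a Note. The version bump the report asks for (2.9.10.3 to 2.9.10.4) adds the specific gadget classes to jackson's blocklist; the configuration change removes the precondition for the whole class of advisories, and the tightest fix is to not enable default typing at all and give fields like payload a concrete type.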
3 participants