[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2 #3

patrickkelso · 2023-08-10T22:25:01Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 156 versions ahead of your current version.
The recommended version was released 2 months ago, on 2023-05-30.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-31507	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	791/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

…o 2.15.2 Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2. See this package in Maven Repository: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/ See this project in Snyk: https://app.snyk.io/org/uts-dev/project/2ff85263-c166-4b41-9799-18f71476670c?utm_source=github&utm_medium=referral&page=upgrade-pr

prisma-cloud-devsecops

Prisma Cloud has found errors in this PR ⬇️

prisma-cloud-devsecops · 2023-08-10T22:26:36Z

sca-package/pom.xml

 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.4.0</version>
+			<version>2.15.2</version>


com.fasterxml.jackson.core:jackson-core 2.4.0 / pom.xml

Total vulnerabilities: 3

Critical: 0 High: 1 Medium: 2 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

PRISMA-2023-0067 HIGH 7.5 2.15.0 Open

PRISMA-2023-0068 MEDIUM 5.3 2.8.6 Open

PRISMA-2023-0069 MEDIUM 5.3 2.7.7 Open

prisma-cloud-devsecops bot reviewed Aug 10, 2023

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2 #3

[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2 #3

Uh oh!

patrickkelso commented Aug 10, 2023

Uh oh!

prisma-cloud-devsecops bot left a comment

Uh oh!

prisma-cloud-devsecops bot Aug 10, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Vulnerability ID	Severity	CVSS	Fixed in	Status
PRISMA-2023-0067	HIGH	7.5	`2.15.0`	Open
PRISMA-2023-0068	MEDIUM	5.3	`2.8.6`	Open
PRISMA-2023-0069	MEDIUM	5.3	`2.7.7`	Open

[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2 #3

Are you sure you want to change the base?

[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2 #3

Uh oh!

Conversation

patrickkelso commented Aug 10, 2023

Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.4.0 to 2.15.2.

Uh oh!

prisma-cloud-devsecops bot left a comment

Choose a reason for hiding this comment

Uh oh!

prisma-cloud-devsecops bot Aug 10, 2023

Choose a reason for hiding this comment

com.fasterxml.jackson.core:jackson-core 2.4.0 / pom.xml

Total vulnerabilities: 3

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants