[BUILD-1089] Dismiss CVE mismatch about Atlassian jackson-xc Created: 09/Jun/23 Updated: 14/Jun/23 Resolved: 09/Jun/23 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Federico Grilli |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Template: |
|
||||
| Acceptance criteria: |
Empty
|
||||
| Task DoR: |
Empty
|
||||
| Team: | |||||
| Work Started: | |||||
| Approved: |
Yes
|
||||
| Description |
One or more dependencies were identified with known vulnerabilities in magnolia-enterprise-pro-webapp:

jackson-xc-1.9.14-atlassian-6.jar (pkg:maven/org.codehaus.jackson/jackson-xc@1.9.14-atlassian-6, cpe:2.3:a:fasterxml:jackson-databind:1.9.14:*:*:*:*:*:*:*) : CVE-2017-17485, CVE-2017-7525

magnolia-community-webapp-5.7.31-SNAPSHOT.war: jackson-xc-1.9.14-atlassian-6.jar (cpe:2.3:a:fasterxml:jackson-databind:1.9.14:*:*:*:*:*:*:*) : CVE-2017-17485, CVE-2017-7525

https://nvd.nist.gov/vuln/detail/CVE-2017-17485

Mismatch with FasterXML jackson-databind: jackson-xc is a library from Atlassian and is not affected by the above CVEs. Magnolia 5.7.x uses safe com.fasterxml.jackson.core:jackson-databind:2.13.4.1.
|
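A scoped suppression for the CPE mismatch described above, as an added example that is not part of the original ticket or of Magnolia's build. It assumes the report was produced by OWASP Dependency-Check and uses that tool's suppression-file format; the notes text is constructed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: assumes OWASP Dependency-Check as the scanner. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <!-- Constructed note: record why the match is dismissed and where it was decided. -->
    <notes><![CDATA[
      BUILD-1089: jackson-xc-1.9.14-atlassian-6.jar is matched to the
      fasterxml:jackson-databind CPE by mistake. The jackson-databind actually
      shipped is com.fasterxml.jackson.core:jackson-databind:2.13.4.1.
    ]]></notes>
    <!-- Scope: only this exact artifact and version, taken from the report. -->
    <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson-xc@1\.9\.14-atlassian-6$</packageUrl>
    <!-- Drop the wrong CPE identification rather than the individual CVEs,
         so every CVE attached through that CPE stops being attributed to this jar. -->
    <cpe>cpe:/a:fasterxml:jackson-databind</cpe>
  </suppress>
</suppressions>
```

Because the entry is keyed on the jackson-xc package URL and pinned to one version, findings against the real jackson-databind artifact, or against a different jackson-xc version, are still reported.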