openai-java
openai-java copied to clipboard
Various security vulnerabilities due to outdated `jackson-databind:2.10.1`
Provides transitive vulnerable dependency maven:com.fasterxml.jackson.core:jackson-databind:2.10.1 CVE-2020-25649 7.5 Improper Restriction of XML External Entity Reference vulnerability pending CVSS allocation CVE-2021-20190 8.1 Deserialization of Untrusted Data vulnerability pending CVSS allocation CVE-2020-10650 8.1 Deserialization of Untrusted Data vulnerability with high severity found Cxced0c06c-935c 5.9 Uncontrolled Resource Consumption vulnerability pending CVSS allocation CVE-2020-36518 7.5 Out-of-bounds Write vulnerability pending CVSS allocation CVE-2022-42003 7.5 Deserialization of Untrusted Data vulnerability pending CVSS allocation CVE-2022-42004 7.5 Deserialization of Untrusted Data vulnerability pending CVSS allocation
Dependency tree:
[INFO] | \- com.squareup.retrofit2:converter-jackson:jar:2.9.0:runtime
[INFO] | \- com.fasterxml.jackson.core:jackson-databind:jar:2.10.1:runtime
[INFO] | \- com.fasterxml.jackson.core:jackson-core:jar:2.10.1:runtime