nifi-swagger-client

Hello! We found a vulnerable dependency in your project. Are you aware of it?

Open HelloMavenEco opened this issue 1 year ago • 0 comments

Hi! We spotted a vulnerable dependency in your project, which might threaten your software. We also found that the vulnerable function of this CVE can be easily accessed from your software.

  • CVE_ID: CVE-2016-3720
  • Vulnerable dependency: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
  • Your invocation path to the vulnerable method:
com.github.hermannpencole.nifi.swagger.XML:deserialize(java.lang.String,java.lang.reflect.Type)
⬇️
com.fasterxml.jackson.dataformat.xml.XmlMapper:<init>()
⬇️
....
⬇️
com.fasterxml.jackson.dataformat.xml.XmlFactory:<init>(com.fasterxml.jackson.core.ObjectCodec,int,int,javax.xml.stream.XMLInputFactory,javax.xml.stream.XMLOutputFactory,java.lang.String)

Therefore, maybe you need to upgrade this dependency. Hope this can help you! 😄

HelloMavenEco, Aug 23 '22 03:08