nifi-swagger-client
nifi-swagger-client copied to clipboard
Hello! We found a vulnerable dependency in your project. Are you aware of it?
Hi! We spot a vulnerable dependency in your project, which might threaten your software. And we found that the vulnerable function of this CVE can be easily accessed from your software.
- CVE_ID: CVE-2016-3720
- Vulnerable dependency: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
- Your invocation path to the vulnerable method:
com.github.hermannpencole.nifi.swagger.XML:deserialize(java.lang.String,java.lang.reflect.Type)
⬇️
com.fasterxml.jackson.dataformat.xml.XmlMapper:<init>()
⬇️
....
⬇️
com.fasterxml.jackson.dataformat.xml.XmlFactory:<init>(com.fasterxml.jackson.core.ObjectCodec,int,int,javax.xml.stream.XMLInputFactory,javax.xml.stream.XMLOutputFactory,java.lang.String)
Therefore, maybe you need to upgrade this dependency. Hope this can help you! 😄