jackson-databind-2.8.4.jar: 53 vulnerabilities (highest severity is: 9.8)

[mend-for-github-com]

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Vulnerabilities

Vulnerability	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (jackson-databind version)	Remediation Possible**	Reachability
CVE-2020-9548	Critical	9.8	Not Defined	62.015%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-9547	Critical	9.8	Not Defined	38.262%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-8840	Critical	9.8	Not Defined	8.109%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2019-20330	Critical	9.8	Not Defined	1.914%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2019-17267	Critical	9.8	Not Defined	1.228%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2019-16943	Critical	9.8	Not Defined	1.891%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2019-16942	Critical	9.8	Not Defined	0.426%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2019-14540	Critical	9.8	Not Defined	6.454%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2018-19360	Critical	9.8	Not Defined	6.827%	jackson-databind-2.8.4.jar	Direct	2.8.11.3	✅
CVE-2017-7525	Critical	9.8	Not Defined	82.379%	jackson-databind-2.8.4.jar	Direct	2.8.9	✅
CVE-2020-36184	High	8.8	Not Defined	7.471%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36182	High	8.8	Not Defined	2.95%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36181	High	8.8	Not Defined	5.862%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36180	High	8.8	Not Defined	3.194%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36179	High	8.8	Not Defined	61.883%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-11113	High	8.8	Not Defined	60.714%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-11112	High	8.8	Not Defined	6.772%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-11111	High	8.8	Not Defined	2.082%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-10969	High	8.8	Not Defined	1.035%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-10968	High	8.8	Not Defined	3.824%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-10673	High	8.8	Not Defined	20.898%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-10672	High	8.8	Not Defined	39.493%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2021-20190	High	8.1	Not Defined	0.502%	jackson-databind-2.8.4.jar	Direct	2.9.10.7	✅
CVE-2020-36189	High	8.1	Not Defined	4.276%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36188	High	8.1	Not Defined	10.179%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36187	High	8.1	Not Defined	2.335%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36186	High	8.1	Not Defined	2.623%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36185	High	8.1	Not Defined	2.95%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-36183	High	8.1	Not Defined	2.241%	jackson-databind-2.8.4.jar	Direct	2.9.10.8	✅
CVE-2020-35728	High	8.1	Not Defined	42.315%	jackson-databind-2.8.4.jar	Direct	com.fasterxml.jackson.core:jackson-databind:2.9.10.8	✅
CVE-2020-35491	High	8.1	Not Defined	6.186%	jackson-databind-2.8.4.jar	Direct	com.fasterxml.jackson.core:jackson-databind:2.9.10.8	✅
CVE-2020-35490	High	8.1	Not Defined	4.249%	jackson-databind-2.8.4.jar	Direct	com.fasterxml.jackson.core:jackson-databind:2.9.10.8	✅
CVE-2020-24750	High	8.1	Not Defined	2.052%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-24616	High	8.1	Not Defined	2.908%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-14195	High	8.1	Not Defined	9.286%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-14062	High	8.1	Not Defined	9.872%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-14061	High	8.1	Not Defined	6.308%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-14060	High	8.1	Not Defined	8.934%	jackson-databind-2.8.4.jar	Direct	2.8.11.6	✅
CVE-2020-11620	High	8.1	Not Defined	2.182%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-11619	High	8.1	Not Defined	1.367%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2020-10650	High	8.1	Not Defined	9.009%	jackson-databind-2.8.4.jar	Direct	2.9.10.4	✅
CVE-2019-10202	High	8.1	Not Defined	7.423%	jackson-databind-2.8.4.jar	Direct	2.9.9	✅
WS-2026-0003	High	7.5	Not Defined		jackson-core-2.8.4.jar	Transitive	2.9.5	✅
WS-2022-0468	High	7.5	Not Defined		jackson-core-2.8.4.jar	Transitive	2.9.5	✅
CVE-2025-52999	High	7.5	Not Defined	0.252%	jackson-core-2.8.4.jar	Transitive	2.9.5	✅
CVE-2022-42004	High	7.5	Not Defined	0.25%	jackson-databind-2.8.4.jar	Direct	2.12.7.1	✅
CVE-2022-42003	High	7.5	Not Defined	0.317%	jackson-databind-2.8.4.jar	Direct	2.12.7.1	✅
CVE-2020-36518	High	7.5	Not Defined	0.487%	jackson-databind-2.8.4.jar	Direct	com.fasterxml.jackson.core:jackson-databind:2.13.2.1,com.fasterxml.jackson.core:jackson-databind:2.12.6.1	❌
CVE-2020-25649	High	7.5	Not Defined	0.075%	jackson-databind-2.8.4.jar	Direct	com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1	✅
CVE-2019-14892	High	7.5	Not Defined	0.897%	jackson-databind-2.8.4.jar	Direct	2.8.11.5	✅
CVE-2019-12086	High	7.5	Not Defined	15.522%	jackson-databind-2.8.4.jar	Direct	2.8.11.4	✅
WS-2018-0124	Medium	5.3	Not Defined		jackson-core-2.8.4.jar	Transitive	2.8.6	✅
CVE-2025-49128	Medium	4.0	Not Defined	0.027%	jackson-core-2.8.4.jar	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (16 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2020-9548

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

Publish Date: 2020-03-02

URL: CVE-2020-9548

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 62.015%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548

Release Date: 2020-03-02

Fix Resolution: 2.8.11.6

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-9547

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

Publish Date: 2020-03-02

URL: CVE-2020-9547

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 38.262%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GHSA-q93h-jc49-78gg

Release Date: 2020-03-02

Fix Resolution: 2.8.11.6

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-8840

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Publish Date: 2020-02-10

URL: CVE-2020-8840

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 8.109%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-02-10

Fix Resolution: 2.8.11.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-20330

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Publish Date: 2020-01-03

URL: CVE-2019-20330

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.914%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-01-03

Fix Resolution: 2.8.11.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-17267

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

Publish Date: 2019-10-06

URL: CVE-2019-17267

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.228%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-10-06

Fix Resolution: 2.8.11.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-16943

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Publish Date: 2019-10-01

URL: CVE-2019-16943

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.891%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GHSA-fmmc-742q-jg75

Release Date: 2019-10-01

Fix Resolution: 2.8.11.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-16942

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Publish Date: 2019-10-01

URL: CVE-2019-16942

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.426%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GHSA-mx7p-6679-8g3q

Release Date: 2019-10-01

Fix Resolution: 2.8.11.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-14540

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Publish Date: 2019-09-15

URL: CVE-2019-14540

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 6.454%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GHSA-h822-r4r5-v8jg

Release Date: 2019-09-15

Fix Resolution: 2.8.11.5

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-19360

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Publish Date: 2019-01-02

URL: CVE-2018-19360

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 6.827%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GHSA-f9hv-mg5h-xcw9

Release Date: 2019-01-02

Fix Resolution: 2.8.11.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2017-7525

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Publish Date: 2018-02-06

URL: CVE-2017-7525

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 82.379%

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

Release Date: 2018-02-06

Fix Resolution: 2.8.9

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-36184

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

Publish Date: 2021-01-06

URL: CVE-2020-36184

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 7.471%

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-01-06

Fix Resolution: 2.9.10.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-36182

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

Publish Date: 2021-01-06

URL: CVE-2020-36182

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 2.95%

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-01-06

Fix Resolution: 2.9.10.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-36181

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

Publish Date: 2021-01-06

URL: CVE-2020-36181

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 5.862%

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-01-06

Fix Resolution: 2.9.10.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-36180

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Publish Date: 2021-01-06

URL: CVE-2020-36180

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.194%

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-01-06

Fix Resolution: 2.9.10.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-36179

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

Publish Date: 2021-01-06

URL: CVE-2020-36179

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 61.883%

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-01-06

Fix Resolution: 2.9.10.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11113

Vulnerable Library - jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://fasterxml.com/

Path to dependency file: /applications/demo/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar

Dependency Hierarchy:

• ❌ jackson-databind-2.8.4.jar (Vulnerable Library)

Found in HEAD commit: 4e5656db54be4b22481fe3774c2caeba51bac190

Found in base branch: main

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

Publish Date: 2020-03-31

URL: CVE-2020-11113

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 60.714%

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113

Release Date: 2020-03-31

Fix Resolution: 2.9.10.4

⛑️ Automatic Remediation will be attempted for this issue.

---

⛑️Automatic Remediation will be attempted for this issue.