square / square-java-sdk

Java client library for the Square API

https://developer.squareup.com

There is a vulnerability in jackson-databind 2.9.10.53 ,upgrade recommended

QiAnXinCodeSafe opened this issue 3 years ago · comments

奇安信CodeSafe commented 3 years ago

square-java-sdk/pom.xml

Line 121 in fef7374

<jackson.databind.version>2.9.10.5</jackson.databind.version>

CVE-2021-20190 CVE-2020-24616 CVE-2020-36179 CVE-2020-36181 CVE-2020-36183

Recommended upgrade version：
2.9.10.8

Wolfgang Schuster commented 2 years ago

The latest SDK has an updated version of jackson-databind.