[CVE:high] Backend : pkg:maven/com.fasterxml.jackson.core:jackson-databind:2.1.0 requires version upgrade

What: this is security issue

{{
{
"path": "Studio",
"advisory": "CVE-2018-14721",
"purl": "pkg:maven/com.fasterxml.jackson.core:jackson-databind:2.1.0",
"severity": "high",
"title": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.",
"tool": "NVD",
"jira": null,
"audit": "2019-04-01",
"context": {
"findings": {
"fc6b3957-06c6-4531-b554-78123269d5d5": {
"088ce7ac-79ef-40c7-b322-b2e50d435244": [

{ "Path": "/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "8440a128-745b-4229-a301-4bd1591afe5e", "Match type": "Exact", "Version id": "088ce7ac-79ef-40c7-b322-b2e50d435244", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.9.6", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.designer.maven.tis_7.1.1.20181026_1147/resources/repository/maven_repository.zip!/", "Component version name": "2.9.6", "Component policy status": "", "Component origin version name": "2.9.6" }

,

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.esb_7.1.1.20181026_1147/lib/jackson-databind-2.9.6.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "8440a128-745b-4229-a301-4bd1591afe5e", "Match type": "Exact", "Version id": "088ce7ac-79ef-40c7-b322-b2e50d435244", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.9.6", "Archive context": "", "Component version name": "2.9.6", "Component policy status": "", "Component origin version name": "2.9.6" }

],
"0d7f082a-255a-47c1-9220-f0f8ee5c1a3b": [

{ "Path": "/com/fasterxml/jackson/databind/", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "d7436903-634a-46e9-bff5-da6f46d8b371", "Match type": "Exact", "Version id": "0d7f082a-255a-47c1-9220-f0f8ee5c1a3b", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.8.7", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.designer.components.oasprovider_7.1.1.20181026_1147.jar!/libs/translator-5.13.2.jar!/", "Component version name": "2.8.7", "Component policy status": "", "Component origin version name": "2.8.7" }

],
"12c335cf-2b5c-4e16-9ca8-98acca897819": [

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.hadoop_7.1.1.20181026_1147/lib/jackson-databind-2.1.1.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "259b1128-7ed1-4a9e-a44d-a9bbb8108536", "Match type": "Exact", "Version id": "12c335cf-2b5c-4e16-9ca8-98acca897819", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.1.1", "Archive context": "", "Component version name": "2.1.1", "Component policy status": "", "Component origin version name": "2.1.1" }

],
"38c52b0f-d0f9-40e5-9d86-178f36cbc818": [

{ "Path": "/repository/com/fasterxml/jackson/core/jackson-databind/2.7.4/jackson-databind-2.7.4.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "e540db77-ef29-4ee5-940f-453d73ea1089", "Match type": "Exact", "Version id": "38c52b0f-d0f9-40e5-9d86-178f36cbc818", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.7.4", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.designer.maven.tis_7.1.1.20181026_1147/resources/repository/maven_repository.zip!/", "Component version name": "2.7.4", "Component policy status": "", "Component origin version name": "2.7.4" }

],
"47043b0d-542d-4fb4-a39a-eda3ee976dd3": [

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/com.fasterxml.jackson.core.jackson-databind_2.9.5.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "79fe7aa8-b0d7-405c-a00e-d676b182ea43", "Match type": "Exact", "Version id": "47043b0d-542d-4fb4-a39a-eda3ee976dd3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.9.5", "Archive context": "", "Component version name": "2.9.5", "Component policy status": "", "Component origin version name": "2.9.5" }

,

{ "Path": "/jackson-databind-2.9.5.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "79fe7aa8-b0d7-405c-a00e-d676b182ea43", "Match type": "Exact", "Version id": "47043b0d-542d-4fb4-a39a-eda3ee976dd3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.9.5", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.components.datastewardship_0.25.3.jar!/", "Component version name": "2.9.5", "Component policy status": "", "Component origin version name": "2.9.5" }

,

{ "Path": "/repository/com/fasterxml/jackson/core/jackson-databind/2.9.5/jackson-databind-2.9.5.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "79fe7aa8-b0d7-405c-a00e-d676b182ea43", "Match type": "Exact", "Version id": "47043b0d-542d-4fb4-a39a-eda3ee976dd3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.9.5", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.designer.maven.tis_7.1.1.20181026_1147/resources/repository/maven_repository.zip!/", "Component version name": "2.9.5", "Component policy status": "", "Component origin version name": "2.9.5" }

],
"8ac9bcfd-2b51-477a-b983-7446b5becc8d": [

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.cdh550.jars_7.1.1.20181026_1147/lib/jackson-databind-2.2.3.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "28cb97c5-a4d2-4f53-9067-670737772f5a", "Match type": "Exact", "Version id": "8ac9bcfd-2b51-477a-b983-7446b5becc8d", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.2.3", "Archive context": "", "Component version name": "2.2.3", "Component policy status": "", "Component origin version name": "2.2.3" }

],
"9d6f9f9f-5d1e-4e9e-b28f-c284d651ad24": [

{ "Path": "/repository/com/fasterxml/jackson/core/jackson-databind/2.1.0/jackson-databind-2.1.0.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "9971dec0-1682-4fcc-b7d9-9d188a9d9b13", "Match type": "Exact", "Version id": "9d6f9f9f-5d1e-4e9e-b28f-c284d651ad24", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.1.0", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.designer.maven.tis_7.1.1.20181026_1147/resources/repository/maven_repository.zip!/", "Component version name": "2.1.0", "Component policy status": "", "Component origin version name": "2.1.0" }

],
"e53643eb-501a-407f-a0b3-57d30a0de620": [

{ "Path": "/repository/com/fasterxml/jackson/core/jackson-databind/2.8.10/jackson-databind-2.8.10.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "1239c3a3-d285-4287-ab62-71e2f2a72d6e", "Match type": "Exact", "Version id": "e53643eb-501a-407f-a0b3-57d30a0de620", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.8.10", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.designer.maven.tis_7.1.1.20181026_1147/resources/repository/maven_repository.zip!/", "Component version name": "2.8.10", "Component policy status": "", "Component origin version name": "2.8.10" }

],
"f8f3b59b-f1b6-457d-be0b-f38a66a5beb3": [

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.cdh570.jars_7.1.1.20181026_1147/lib/jackson-databind-2.5.4.redhat-2.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "220da205-464b-4807-a376-ac11d868ca09", "Match type": "Exact", "Version id": "f8f3b59b-f1b6-457d-be0b-f38a66a5beb3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.5.4.redhat-2", "Archive context": "", "Component version name": "2.5.4", "Component policy status": "", "Component origin version name": "2.5.4.redhat-2" }

,

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.hdp250.jars_7.1.1.20181026_1147/lib/jackson-databind-2.5.4.redhat-2.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "220da205-464b-4807-a376-ac11d868ca09", "Match type": "Exact", "Version id": "f8f3b59b-f1b6-457d-be0b-f38a66a5beb3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.5.4.redhat-2", "Archive context": "", "Component version name": "2.5.4", "Component policy status": "", "Component origin version name": "2.5.4.redhat-2" }

,

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.hdp260.jars_7.1.1.20181026_1147/lib/jackson-databind-2.5.4.redhat-2.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "220da205-464b-4807-a376-ac11d868ca09", "Match type": "Exact", "Version id": "f8f3b59b-f1b6-457d-be0b-f38a66a5beb3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.5.4.redhat-2", "Archive context": "", "Component version name": "2.5.4", "Component policy status": "", "Component origin version name": "2.5.4.redhat-2" }

,

{ "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.cdh550.jars_7.1.1.20181026_1147/lib/jackson-databind-2.5.4.redhat-2.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "220da205-464b-4807-a376-ac11d868ca09", "Match type": "Exact", "Version id": "f8f3b59b-f1b6-457d-be0b-f38a66a5beb3", "Origin name": "maven", "Component id": "fc6b3957-06c6-4531-b554-78123269d5d5", "Match content": "", "Overridden By": "", "Component name": "jackson-databind", "Origin name id": "com.fasterxml.jackson.core:jackson-databind:2.5.4.redhat-2", "Archive context": "", "Component version name": "2.5.4", "Component policy status": "", "Component origin version name": "2.5.4.redhat-2" }

]
}
}
},
"uuid": "21929f32-ddd1-4c94-8369-1b7bba48a2e2",
"version": "7.1",
"jira_slug": "TUP",
"jira_component": null
}
}}