PrismaCloud scan reports the following High vulnerability:
java high com.fasterxml.jackson.core_jackson-core 2.13.5 The Apache Software License, Version 2.0 7.5 fixed in 2.15.0 00:00.0 DoS - High, Has fix, High severity com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS). The package does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended and leads to Uncontrolled Resource Consumption ('Resource Exhaustion').
Current Behavior
PrismaCloud scan reports the following High vulnerability:
Expected Behavior
Dependent lib could be upgraded to 2.15.3, which is fixed.
https://github.com/adorsys/keycloak-config-cli/blob/main/pom.xml#L71
I have already tried to run all test container tests locally and there were no failures after increasing the jackson version to 2.15.3.
Steps To Reproduce
No response
Environment
Anything else?
No response