[PPP-4743] - Added changes for Vulnerable Component: Jackson ASL

[nawaz34-hitachivantara]

No description provided.

[hitachivantarasonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[buildguy]

📦 Vulnerable Dependencies

✍️ Summary

SEVERITY	DIRECT DEPENDENCIES	IMPACTED DEPENDENCY	FIXED VERSIONS	CVES
Critical	org.mnode.mstor:mstor:0.9.13 pentaho:pentaho-big-data-assemblies-pmr-libraries:10.3.0.0-SNAPSHOT	org.jyaml:jyaml 1.3	-	CVE-2020-8441
High	jdom:jdom:1.0 pentaho:pentaho-big-data-assemblies-pmr-libraries:10.3.0.0-SNAPSHOT	jdom:jdom 1.0	-	CVE-2021-33813

🔬 Research Details

[ CVE-2020-8441 ] org.jyaml:jyaml 1.3

Description:
JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.

[ CVE-2021-33813 ] jdom:jdom 1.0

Description:
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Note:

---

Frogbot also supports Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning. This features are included as part of the JFrog Advanced Security package, which isn't enabled on your system.

---

🐸 JFrog Frogbot

[buildguy]

❌ Build failed in 21m 26s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl assemblies/features

---

❗ No tests found!

ℹ️ This is an automatic message