Bump com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.12.7.1 by dependabot[bot] · Pull Request #2 · eroad/swagger-maven-plugin

dependabot · 2025-07-31T04:47:04Z

Bumps com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.12.7.1.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.10.1 to 2.12.7.1. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.12.7.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

jpeaks-eroad · 2025-07-31T05:53:35Z

Checkmarx One – Scan Summary & Details – a9fef51e-9e07-40ec-a713-2ac6f4a92de7

New Issues (13)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2021-26291	Maven-org.apache.maven:maven-core-3.6.0	details Recommended version: 3.8.1 Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resultin... Attack Vector: NETWORK Attack Complexity: LOW `ID: IgP2CDoDLkLJbxoQdwAzAcY5qTm%2FEwbv7NYf96VBa4s%3D` Vulnerable Package
CVE-2021-26291	Maven-org.apache.maven:maven-compat-3.6.0	details Recommended version: 3.8.1 Description: Apache Maven will follow repositories that are defined in a dependency's Project Object Model (pom) which may be surprising to some users, resultin... Attack Vector: NETWORK Attack Complexity: LOW `ID: QYhThj9xbIX82n68Ln5LaKxKA4KY%2BdbRICzQgRQ0bZU%3D` Vulnerable Package
CVE-2022-1471	Maven-org.yaml:snakeyaml-1.24	details Recommended version: 2.0 Description: SnakeYaml's "Constructor()" class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by ... Attack Vector: NETWORK Attack Complexity: LOW `ID: B%2FUPA6gNrpoJumPZGydkxkfxjm%2BC%2F2FszvmyPXB0eqM%3D` Vulnerable Package
CVE-2023-37460	Maven-org.codehaus.plexus:plexus-archiver-2.2	details Recommended version: 4.8.0 Description: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` A... Attack Vector: NETWORK Attack Complexity: LOW `ID: VEQBdAQ47AoTpJJsQome6wK0IneBcD5R8Y8MXQmxvSY%3D` Vulnerable Package
CVE-2023-24998	Maven-commons-fileupload:commons-fileupload-1.4	details Recommended version: 1.6.0 Description: Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker trig... Attack Vector: NETWORK Attack Complexity: LOW `ID: S%2BRxywDBcWanlIG7Z1dmS5hR4F0YGHc7PX%2FENoDd05c%3D` Vulnerable Package
CVE-2023-26464	Maven-log4j:log4j-1.2.12	details Recommended version: 1.2.17.redhat-00008 Description: When using the Chainsaw or SocketAppender components with Log4j versions 1.0.4 prior to 2.0, an attacker that manages to cause a logging entry invo... Attack Vector: NETWORK Attack Complexity: LOW `ID: nhahxlsbMh%2Fntrz72wl7Aby2m9YBqZNqDWAG73hEMRM%3D` Vulnerable Package
CVE-2023-2976	Maven-com.google.guava:guava-28.1-jre	details Recommended version: 32.0.0.jre-redhat-00001 Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 through 31.1-jre on Unix syste... Attack Vector: LOCAL Attack Complexity: LOW `ID: a7XI8ilB2EPGSEkfIQnvhOXI%2Bju9Ki%2BTn1Bvzdsz%2BDs%3D` Vulnerable Package
CVE-2024-47554	Maven-commons-io:commons-io-2.2	details Recommended version: 2.11.0.redhat-00004 Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The "org.apache.commons.io.input.XmlStreamReader" class may excessively consu... Attack Vector: NETWORK Attack Complexity: LOW `ID: Umi8lADY6eT%2FroN4ATnxDCBWG2yfu%2FoeGmBpTfFtZLI%3D` Vulnerable Package
CVE-2025-48976	Maven-commons-fileupload:commons-fileupload-1.4	details Recommended version: 1.6.0 Description: Allocation of resources for multipart headers with insufficient limits enabled a Denial of Service (DoS) vulnerability in Apache Commons FileUpload... Attack Vector: NETWORK Attack Complexity: LOW `ID: lyYrOzmye1T82PT0KB7EFRohyxnBnST9nnOfMuCgedg%3D` Vulnerable Package
CVE-2025-52999	Maven-com.fasterxml.jackson.core:jackson-core-2.12.7	details Recommended version: 2.15.0 Description: The jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions pr... Attack Vector: NETWORK Attack Complexity: LOW `ID: l1lFJGJPfUqGwJ%2Fscnm3391OH0LvcDJZQY3uu6BnzwA%3D` Vulnerable Package
CVE-2021-47621	Maven-io.github.classgraph:classgraph-4.6.32	details Recommended version: 4.8.112 Description: The package ClassGraph prior to 4.8.112 was not resistant to XML External Entity (XXE) attacks. Attack Vector: NETWORK Attack Complexity: LOW `ID: fwauDsiJHccTCgGdcAThVfr8ipF%2Bd5Y23a5GjJ8s8AU%3D` Vulnerable Package
CVE-2025-48924	Maven-org.apache.commons:commons-lang3-3.8.1	details Recommended version: 3.18.0 Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can `throwStackOverflowError` on very long inpu... Attack Vector: NETWORK Attack Complexity: LOW `ID: aYZ6ZUsvTE4S9UXFTIvWSAUef55Kzky9Qd%2FxZKV4FpY%3D` Vulnerable Package
CVE-2025-49128	Maven-com.fasterxml.jackson.core:jackson-core-2.12.7	details Recommended version: 2.15.0 Description: Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In com.fasterxml.j... Attack Vector: LOCAL Attack Complexity: LOW `ID: DY2ND9t929COEVS5OaZkxSanlHBZY3m5mYt%2FhGAD%2FxQ%3D` Vulnerable Package

Fixed Issues (453)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Array Without Maximum Number of Items (v3)~~	/swagger-expected.yaml: 12
	~~CVE-2020-10650~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1
	~~CVE-2020-25649~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1
	~~CVE-2020-36518~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1
	~~CVE-2021-20190~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1
	~~CVE-2022-42003~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1
	~~CVE-2022-42004~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.10.1
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.json: 1
	~~Field 'securityScheme' On Components Is Undefined~~	/open-api.json: 1
	~~Field 'securityScheme' On Components Is Undefined~~	/open-api.json: 97
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.json: 1
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.json: 1
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.yaml: 69
	~~Field 'securityScheme' On Components Is Undefined~~	/open-api.yaml: 70
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.json: 1
	~~Field 'securityScheme' On Components Is Undefined~~	/open-api.yaml: 70
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger-expected.yaml: 1
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.yaml: 51
	~~Field 'securityScheme' On Components Is Undefined~~	/swagger.json: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.json: 1
	~~Global Security Field Is Undefined (v3)~~	/open-api.yaml: 1
	~~Global Security Field Is Undefined (v3)~~	/open-api.json: 1
	~~Global Security Field Is Undefined (v3)~~	/open-api.yaml: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.json: 1
	~~Global Security Field Is Undefined (v3)~~	/open-api.json: 2
	~~Global Security Field Is Undefined (v3)~~	/swagger-expected.yaml: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.yaml: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.json: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.json: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.json: 1
	~~Global Security Field Is Undefined (v3)~~	/swagger.yaml: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.yaml: 44
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.yaml: 22
	~~No Global And Operation Security Defined (v3)~~	/open-api.yaml: 63
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.yaml: 62
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/open-api.json: 84
	~~No Global And Operation Security Defined (v3)~~	/open-api.json: 25
	~~No Global And Operation Security Defined (v3)~~	/open-api.yaml: 63
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/open-api.json: 49
	~~No Global And Operation Security Defined (v3)~~	/swagger.yaml: 21
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger-expected.yaml: 4
	~~No Global And Operation Security Defined (v3)~~	/open-api.json: 1
	~~No Global And Operation Security Defined (v3)~~	/open-api.json: 1
	~~No Global And Operation Security Defined (v3)~~	/open-api.yaml: 40
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.yaml: 4
	~~No Global And Operation Security Defined (v3)~~	/open-api.yaml: 40
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/open-api.yaml: 23
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/open-api.yaml: 23
	~~No Global And Operation Security Defined (v3)~~	/swagger.yaml: 39
	~~No Global And Operation Security Defined (v3)~~	/open-api.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~No Global And Operation Security Defined (v3)~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.yaml: 72
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.json: 99
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.yaml: 30
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.json: 1
	~~Additional Properties Too Permissive~~	/open-api.yaml: 47
	~~Additional Properties Too Permissive~~	/swagger.yaml: 29
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.yaml: 28
	~~Additional Properties Too Permissive~~	/open-api.json: 1
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.json: 56
	~~Additional Properties Too Permissive~~	/open-api.yaml: 30
	~~Additional Properties Too Permissive~~	/swagger-expected.yaml: 11
	~~Additional Properties Too Permissive~~	/swagger.yaml: 46
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.json: 1
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.yaml: 11
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/swagger.yaml: 53
	~~Additional Properties Too Permissive~~	/open-api.yaml: 72
	~~Additional Properties Too Permissive~~	/swagger.json: 1
	~~Additional Properties Too Permissive~~	/open-api.yaml: 47
	~~Additional Properties Too Permissive~~	/swagger.yaml: 71
	~~Additional Properties Too Permissive~~	/open-api.json: 32

More results are available on the CxOne platform

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.12.7.1#2

Bump com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.12.7.1#2
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/com.fasterxml.jackson.core-jackson-databind-2.12.7.1

dependabot bot commented on behalf of github Jul 31, 2025

Uh oh!

jpeaks-eroad commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Jul 31, 2025

Uh oh!

jpeaks-eroad commented Jul 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant