
Bump com.fasterxml.jackson.core:jackson-databind from 2.17.0 to 2.22.0 in /pic-sure-auth-services #294

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/maven/pic-sure-auth-services/com.fasterxml.jackson.core-jackson-databind-2.22.0



@dependabot (bot) commented on behalf of github on Jun 29, 2026


Bumps com.fasterxml.jackson.core:jackson-databind from 2.17.0 to 2.22.0.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.17.0 to 2.22.0.
- [Commits](https://github.com/FasterXML/jackson/commits)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot (bot) added the labels dependencies (Pull requests that update a dependency file) and java (Pull requests that update java code) on Jun 29, 2026
@dbmi-svc-checkmarx

Checkmarx One – Scan Summary & Details 4516c927-2695-4114-99ea-f5c8c5a74127


New Issues (16): Checkmarx found the following issues in this Pull Request

| # | Severity | Issue | Source File / Package | Checkmarx Insight |
|---|----------|-------|-----------------------|-------------------|
| 1 | HIGH | CVE-2026-13006 | Maven-ch.qos.logback:logback-core-1.5.22 | Recommended version: 1.5.35<br>Description: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core in Java applications, allows an attacker to execute arbitrary...<br>Attack Vector: LOCAL<br>Attack Complexity: LOW<br>Vulnerable Package |
| 2 | HIGH | CVE-2026-47838 | Maven-org.springframework.security:spring-security-web-6.5.7 | Recommended version: 6.5.11<br>Description: SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value ...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 3 | HIGH | CVE-2026-47838 | Maven-org.springframework.security:spring-security-config-6.5.7 | Recommended version: 6.5.11<br>Description: SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value ...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 4 | MEDIUM | CVE-2026-22745 | Maven-org.springframework:spring-webmvc-6.2.8 | Recommended version: 6.2.18<br>Description: Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application c...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 5 | MEDIUM | CVE-2026-40992 | Maven-org.springframework.boot:spring-boot-autoconfigure-3.5.9 | Recommended version: 3.5.15<br>Description: Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.m...<br>Attack Vector: ADJACENT_NETWORK<br>Attack Complexity: HIGH<br>Vulnerable Package |
| 6 | MEDIUM | CVE-2026-41001 | Maven-org.springframework.boot:spring-boot-autoconfigure-3.5.9 | Recommended version: 3.5.15<br>Description: Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explic...<br>Attack Vector: LOCAL<br>Attack Complexity: LOW<br>Vulnerable Package |
| 7 | MEDIUM | CVE-2026-41706 | Maven-org.springframework.security:spring-security-web-6.5.7 | Recommended version: 6.5.11<br>Description: Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 8 | MEDIUM | CVE-2026-41840 | Maven-org.springframework:spring-web-6.2.8 | Recommended version: 6.2.19<br>Description: Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framewo...<br>Attack Vector: NETWORK<br>Attack Complexity: HIGH<br>Vulnerable Package |
| 9 | MEDIUM | CVE-2026-41841 | Maven-org.springframework:spring-web-6.2.8 | Recommended version: 6.2.19<br>Description: Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Fr...<br>Attack Vector: NETWORK<br>Attack Complexity: HIGH<br>Vulnerable Package |
| 10 | MEDIUM | CVE-2026-41843 | Maven-org.springframework:spring-web-6.2.8 | Recommended version: 6.2.19<br>Description: Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework ...<br>Attack Vector: NETWORK<br>Attack Complexity: HIGH<br>Vulnerable Package |
| 11 | MEDIUM | CVE-2026-41844 | Maven-org.springframework:spring-web-6.2.8 | Recommended version: 6.2.19<br>Description: A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker ...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 12 | MEDIUM | CVE-2026-41846 | Maven-org.springframework:spring-webmvc-6.2.8 | Recommended version: 6.2.19<br>Description: Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary H...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 13 | MEDIUM | CVE-2026-41852 | Maven-org.springframework:spring-expression-6.2.13 | Recommended version: 6.2.19<br>Description: A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted ...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 14 | MEDIUM | CVE-2026-41853 | Maven-org.springframework:spring-web-6.2.8 | Recommended version: 6.2.19<br>Description: Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 15 | MEDIUM | CVE-2026-41854 | Maven-org.springframework:spring-web-6.2.8 | Recommended version: 6.2.19<br>Description: Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be expose...<br>Attack Vector: NETWORK<br>Attack Complexity: LOW<br>Vulnerable Package |
| 16 | LOW | CVE-2026-22746 | Maven-org.springframework.security:spring-security-core-6.5.7 | Recommended version: 6.5.10<br>Description: Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attrib...<br>Attack Vector: NETWORK<br>Attack Complexity: HIGH<br>Vulnerable Package |

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
