Io.jsonwebtoken.jjwt 0.9.1 dependencies are tagged as Vulnerable by OWASP dependency Check

pvma · June 4, 2019, 4:49am

Hi,

I am trying to build my project with maven using:
<dependency>
  <groupId>io.jsonwebtoken</groupId>
  <artifactId>jjwt</artifactId>
  <version>0.9.1</version>
</dependency>

But I got this error, when I build the project with dependency-check-maven plugin

One or more dependencies were identified with known vulnerabilities in Project:

jackson-databind-2.9.6.jar (cpe:/a:fasterxml:jackson-databind:2.9.6, com.fasterxml.jackson.core:jackson-databind:2.9.6, cpe:/a:fasterxml:jackson:2.9.6) : CVE-2018-14720, CVE-2018-19360, CVE-2018-14721, CVE-2018-19361, CVE-2019-12086, CVE-2018-19362, CVE-2018-14719,
CVE-2018-1000873

jackson-databind-2.9.9 should fix this.

Topic		Replies	Views
Why I'm getting : JsonWebTokenError: jwt malformed JWT.io jwt , auth0 , api , authentication	4	13114	May 22, 2023
JWT Token Library / maven: com.nimbusds / nimbus-jose-jwt JWT.io	2	2814	November 29, 2021
Maven Central - Auth0 Java MVC Common 1.5 - compile dependencies error Help jwt , auth0	5	3321	February 25, 2021
Are tokens generated on jwt.io subject to this exploit? JWT.io	2	1110	January 11, 2023
Supported java-jwt library for Java 1.6 Help jwt , auth0 , support , java , java-jwt-support-doc	2	5356	September 2, 2019

Io.jsonwebtoken.jjwt 0.9.1 dependencies are tagged as Vulnerable by OWASP dependency Check

Related topics