Auth0 Home Blog Docs

Io.jsonwebtoken.jjwt 0.9.1 dependencies are tagged as Vulnerable by OWASP dependency Check

Hi,

I am trying to build my project with maven using:
<dependency>
  <groupId>io.jsonwebtoken</groupId>
  <artifactId>jjwt</artifactId>
  <version>0.9.1</version>
</dependency>

But I got this error, when I build the project with dependency-check-maven plugin

One or more dependencies were identified with known vulnerabilities in Project:

jackson-databind-2.9.6.jar (cpe:/a:fasterxml:jackson-databind:2.9.6, com.fasterxml.jackson.core:jackson-databind:2.9.6, cpe:/a:fasterxml:jackson:2.9.6) : CVE-2018-14720, CVE-2018-19360, CVE-2018-14721, CVE-2018-19361, CVE-2019-12086, CVE-2018-19362, CVE-2018-14719,
CVE-2018-1000873

jackson-databind-2.9.9 should fix this.