Skip to content

fix(deps): vuln com.fasterxml.jackson.core:jackson-databind (minor → 2.22.0) [integration-tests/lambda]#1295

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/maven/lambda/1-1783415426
Draft

fix(deps): vuln com.fasterxml.jackson.core:jackson-databind (minor → 2.22.0) [integration-tests/lambda]#1295
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/maven/lambda/1-1783415426

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor

Summary: High-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • integration-tests/lambda (maven)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
com.fasterxml.jackson.core:jackson-databind 2.15.2 2.22.0 minor Direct 2 HIGH, 2 MEDIUM

Security Details

🚨 Critical & High Severity (2 fixed)
Package CVE Severity Summary Unsafe Version Fixed In Case
com.fasterxml.jackson.core:jackson-databind GHSA-j3rv-43j4-c7qm HIGH jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation 2.15.2 2.18.8 -
com.fasterxml.jackson.core:jackson-databind GHSA-rmj7-2vxq-3g9f HIGH jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray) 2.15.2 2.18.8 -
ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In Case
com.fasterxml.jackson.core:jackson-databind GHSA-hgj6-7826-r7m5 MODERATE jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF) 2.15.2 2.18.8 -
com.fasterxml.jackson.core:jackson-databind GHSA-5jmj-h7xm-6q6v MODERATE jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties 2.15.2 - -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
com.fasterxml.jackson.core:jackson-databind 2.15.2 - 2.22.0 integration-tests/lambda/default-java/pom.xml

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-official

datadog-official Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 3 Pipeline jobs failed

DataDog/datadog-lambda-extension | e2e-test-status (amd64, fips)   View in Datadog   GitLab

DataDog/datadog-lambda-extension | publish integration layer (arm64)   View in Datadog   GitLab

DataDog/datadog-lambda-extension | publish layer e2e sandbox (amd64)   View in Datadog   GitLab

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 7c9ef76 | Docs | Datadog PR Page | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants