Latest scan has revealed ten new CVEs related to FasterXML jackson-databind 2.9.10.7.
Since seven of them have CVSS score 9.8, this is a critical issue.
The ten CVEs are:
https://nvd.nist.gov/vuln/detail/CVE-2020-35490
https://nvd.nist.gov/vuln/detail/CVE-2020-35491
https://nvd.nist.gov/vuln/detail/CVE-2020-35728
https://nvd.nist.gov/vuln/detail/CVE-2020-36183
https://nvd.nist.gov/vuln/detail/CVE-2020-36184
https://nvd.nist.gov/vuln/detail/CVE-2020-36185
https://nvd.nist.gov/vuln/detail/CVE-2020-36186
https://nvd.nist.gov/vuln/detail/CVE-2020-36187
https://nvd.nist.gov/vuln/detail/CVE-2020-36188
https://nvd.nist.gov/vuln/detail/CVE-2020-36189
Release : 10.7.0
Component : Introscope
Jackson-databind library has been updated to version 2.9.10.8 in 10.7 hotfix 77