A security scan or GitHub security advisory has flagged the library com.fasterxml.jackson.core:jackson-core version 2.16.1 as vulnerable to GHSA-72hv-8253-57qq. This vulnerability exists in versions >= 2.0.0 and <= 2.18.5. The vulnerability is categorized with a vendor severity of High.
File Path: /opt/autosys/agent_source/netagt/jars/ext/jackson-core.jar
Library Version detected: 2.16.1
Workload Automation Agent for Linux x86_64 64-bit, Version 24.0.00-7794
This vulnerability does not affect Workload Automation Agents as the product makes use of the synchronous parser.
According to the GitHub Advisory GHSA-72hv-8253-57qq:
Vulnerable: "Only the non-blocking (async) JSON parser in jackson-core (e.g. NonBlockingUtf8JsonParserBase, NonBlockingByteArrayJsonParser, createNonBlockingByteArrayParser(), feedInput() / endOfInput())."
Not vulnerable: "The synchronous parser correctly enforces maxNumberLength. The advisory states: 'The standard synchronous parser correctly enforces this limit.'"
GitHub Security Advisory: https://github.com/advisories/GHSA-72hv-8253-57qq
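A static check that supports this assessment, as an added example (not the vendor's or the Jackson project's code): it scans the class files in a directory of jars, such as the agent's jars directory shown in the file path above, for the async-parser identifiers quoted from the advisory, skipping jackson-core's own classes because they define those names. The function names and the command-line argument are assumptions made for this example.

```python
import io
import sys
import zipfile
from pathlib import Path

# Async-parser identifiers named in the advisory text quoted above.
ASYNC_MARKERS = (
    b"NonBlockingUtf8JsonParserBase",
    b"NonBlockingByteArrayJsonParser",
    b"createNonBlockingByteArrayParser",
)
# jackson-core defines these classes itself, so its own package is not a caller.
# A substring match also covers multi-release and relocated (shaded) copies.
JACKSON_CORE_PKG = "com/fasterxml/jackson/core/"


def scan_jar(jar_bytes, jar_name="<memory>"):
    """Return sorted (jar, class, marker) hits for classes outside jackson-core."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            if not entry.endswith(".class") or JACKSON_CORE_PKG in entry:
                continue
            data = jar.read(entry)  # decompressed; names sit in the constant pool
            for marker in ASYNC_MARKERS:
                if marker in data:
                    hits.append((jar_name, entry, marker.decode()))
    return sorted(hits)


def scan_dir(directory):
    """Scan every .jar below directory; unreadable archives are reported."""
    hits, errors = [], []
    for path in sorted(Path(directory).rglob("*.jar")):
        try:
            hits.extend(scan_jar(path.read_bytes(), str(path)))
        except (zipfile.BadZipFile, OSError) as exc:
            errors.append((str(path), str(exc)))
    return hits, errors


if __name__ == "__main__":
    found, failed = scan_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for jar, cls, marker in found:
        print(f"{jar}: {cls} references {marker}")
    for jar, err in failed:
        print(f"{jar}: could not read ({err})")
    sys.exit(1 if found or failed else 0)
```

An empty result is consistent with the statement that only the synchronous parser is used; it does not inspect jars nested inside other jars or names assembled at run time.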