CVE-2020-36518 : Unable to resolve WhiteSource vulnerability for jackson-databind library


I have tried all the versions of jackson-databind (including the version suggested in the WhiteSource fix), but all versions of jackson-databind show the vulnerability in the WhiteSource scan.

Below is the description of the issue, and we can also see the WhiteSource note:

Can someone help me here to resolve this?

Note: I am using the jackson-databind dependency, so I cannot exclude it in pom.xml.


There is 1 best solution below


The fix for it is on the way. Thanks to the open source community. In the meantime, if there is a possibility of a waiver, please request one from your vendor.

More details can be found at https://github.com/FasterXML/jackson-databind/issues/2816