Update dependency com.fasterxml.jackson.dataformat:jackson-dataformat-yaml to v2.16.2 #4
Mend for GitHub.com / Mend Security Check
failed
Mar 19, 2026 in 1m 38s
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
WS-2026-0003Path to dependency file: /pom.xml Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.16.2/jackson-core-2.16.2.jar Dependency Hierarchy: -> jackson-dataformat-yaml-2.16.2.jar (Root Library) -> jackson-databind-2.16.2.jar -> ❌ jackson-core-2.16.2.jar (Vulnerable Library) |
 High |
7.5 | Transitive jackson-core-2.16.2.jar |
jackson-dataformat-yaml-2.16.2.jar | Transitive 2.18.6 |
None |
|
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2025-52999 | jackson-core-2.14.2.jar |
| CVE-2022-1471 | snakeyaml-1.33.jar |
| WS-2022-0468 | jackson-core-2.14.2.jar |
| WS-2026-0003 | jackson-core-2.14.2.jar |
Base branch total remaining vulnerabilities: 12
Base branch commit: d5e68dd2aeeb2c8b05f9a50bbe577d3ba8cf732e
Total libraries scanned: 11
Scan token: 9a1c7596e68647dfab687c5d55f9e14d
Loading