Fix Critical security vulnerability

com.fasterxml.jackson.core : jackson-databind : 2.9.9 Change-Id: I81af7879cb1fbcd158177a3dc220b704ff2f3388 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3111
author: vasraz <vasyl.razinkov@est.tech> 2020-06-11 17:05:29 +0100
committer: Ofir Sonsino <ofir.sonsino@intl.att.com> 2020-06-15 07:50:00 +0000
commit: ca685bb55cd192ab58c62663a31f5292697a4182 (patch)
tree: fe3f78611ab839ab6028cfebb2178ba55136bd93 /catalog-be
parent: b3acc89be057e65e296992320bf8f36b888e4c3d (diff)
1 files changed, 68 insertions, 11 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index 7f34e15c56..47650bd8c7 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -38,17 +38,32 @@
 
     <!--JSON and YAML Parsing-->
     <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-core</artifactId>
+      <version>${jackson.version}</version>
+    </dependency>
+    <dependency>
       <groupId>com.fasterxml.jackson.dataformat</groupId>
       <artifactId>jackson-dataformat-yaml</artifactId>
       <version>${jackson.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
       <version>${jackson.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -63,6 +78,12 @@
       <groupId>io.swagger.core.v3</groupId>
       <artifactId>swagger-jaxrs2</artifactId>
       <version>${swagger.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>io.swagger.core.v3</groupId>
@@ -75,7 +96,12 @@
       <groupId>org.openecomp.sdc</groupId>
       <artifactId>common-app-api</artifactId>
       <version>${project.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -95,14 +121,24 @@
       <groupId>org.openecomp.sdc.be</groupId>
       <artifactId>catalog-dao</artifactId>
       <version>${project.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
       <groupId>org.openecomp.sdc.be</groupId>
       <artifactId>catalog-model</artifactId>
       <version>${project.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -141,7 +177,12 @@
       <groupId>org.glassfish.jersey.media</groupId>
       <artifactId>jersey-media-json-jackson</artifactId>
       <version>${jersey-bom.version}</version>
-      <scope>compile</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
     <dependency>
@@ -510,6 +551,10 @@
           <groupId>com.att.aft</groupId>
           <artifactId>dme2</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
     <dependency>
@@ -672,6 +717,12 @@
       <groupId>org.onap.sdc.common</groupId>
       <artifactId>onap-tosca-datatype</artifactId>
       <version>${project.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
@@ -688,11 +739,17 @@
       <artifactId>security-util-lib</artifactId>
       <version>${security.util.lib.version}</version>
     </dependency>
-        <dependency>
-            <groupId>org.openecomp.sdc.core</groupId>
-            <artifactId>openecomp-tosca-lib</artifactId>
-            <version>${project.version}</version>
-        </dependency>
+    <dependency>
+      <groupId>org.openecomp.sdc.core</groupId>
+      <artifactId>openecomp-tosca-lib</artifactId>
+      <version>${project.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>com.fasterxml.jackson.core</groupId>
+          <artifactId>jackson-core</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
   </dependencies>
 
   <build>
author	vasraz <vasyl.razinkov@est.tech>	2020-06-11 17:05:29 +0100
committer	Ofir Sonsino <ofir.sonsino@intl.att.com>	2020-06-15 07:50:00 +0000
commit	ca685bb55cd192ab58c62663a31f5292697a4182 (patch)
tree	fe3f78611ab839ab6028cfebb2178ba55136bd93 /catalog-be
parent	b3acc89be057e65e296992320bf8f36b888e4c3d (diff)