High Severity CVE in transitive dependency jackson-core #1198

@mohamedhafez

firebase-admin-java 9.8.0 has a transitive dependency on com.fasterxml.jackson.core:jackson-core:2.18.2, which has https://osv.dev/vulnerability/GHSA-72hv-8253-57qq

Here's the dependencyInsights output:

com.fasterxml.jackson.core:jackson-core:2.18.2 -> 2.18.6
--- com.google.cloud:google-cloud-storage:2.63.0
+--- runtimeClasspath (requested com.google.cloud:google-cloud-storage:{strictly 2.63.0})
+--- com.google.firebase:firebase-admin:9.8.0

(I couldn't find an open source repo for google-cloud-storage, otherwise I would have reported it there. I also tried to report through the security channel, but they said it wasn't severe enough to track as a security bug and to report on GitHub.)
