ehcache 2.10.9.2 reported to have vulnerability CVE-2020-36518, CVE-2021-46877, CVE-2022-42003, CVE-2022-42004, CVE-2023-36478 #3258

@amolbhonsle21

CVE-2020-36518,
jackson-databind 2.11.1 is being shipped inside package called rest-management-private-classpath of ehcache-2.10.9.2 jar
recommendation is to upgrade it to either of 2.12.6.1 or 2.13.2.1 versions

CVE-2021-46877,
jackson-databind 2.11.1 is being shipped inside package called rest-management-private-classpath of ehcache-2.10.9.2 jar
recommendation is to upgrade it to either of 2.12.6 or 2.13.1 versions

CVE-2022-42003,
jackson-databind 2.11.1 is being shipped inside package called rest-management-private-classpath of ehcache-2.10.9.2 jar
recommendation is to upgrade it to either of 2.12.7.1 or 2.13.4.2 versions

CVE-2022-42004,
jackson-databind 2.11.1 is being shipped inside package called rest-management-private-classpath of ehcache-2.10.9.2 jar
recommendation is to upgrade it to either of 2.12.7.1 or 2.13.4 versions

CVE-2023-36478
jetty-http 9.4.39.v20210325 is being shipped inside package called rest-management-private-classpath of ehcache-2.10.9.2 jar
recommendation is to upgrade it to either of 10.0.16, 11.0.16 or 9.4.53 versions

CVE-2021-28168
jersey-common 2.31 is being shipped inside package called rest-management-private-classpath of ehcache-2.10.9.2 jar
recommendation is to upgrade it to either of 2.34 or 3.0.2 versions

Please check these vulnerabilities in ehcache 2.x and ehcache 3.x releases and upgrade as per recommendations.
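
One way to check what a given ehcache jar actually bundles against the fix versions listed in the issue above. This is an added example, not code from the issue or from the Ehcache project. It assumes the bundled libraries keep their Maven `pom.properties` somewhere inside the jar; the path used in the constructed sample jar is hypothetical.

```python
import io
import zipfile
from itertools import takewhile

FIXES = {  # fix versions per CVE, copied from the issue text above
    "jackson-databind": {
        "CVE-2020-36518": ["2.12.6.1", "2.13.2.1"], "CVE-2021-46877": ["2.12.6", "2.13.1"],
        "CVE-2022-42003": ["2.12.7.1", "2.13.4.2"], "CVE-2022-42004": ["2.12.7.1", "2.13.4"]},
    "jetty-http": {"CVE-2023-36478": ["9.4.53", "10.0.16", "11.0.16"]},
    "jersey-common": {"CVE-2021-28168": ["2.34", "3.0.2"]},
}

def vkey(version):
    """Numeric sort key; stops at a qualifier such as Jetty's v20210325."""
    return tuple(int(p) for p in takewhile(str.isdigit, version.split(".")))

def is_fixed(version, fixes):
    """At/above the newest fix, or at/above the fix on the same major.minor branch."""
    v, keys = vkey(version), sorted(map(vkey, fixes))
    return v >= keys[-1] or any(v[:2] == f[:2] and v >= f for f in keys)

def bundled_versions(jar):
    """Map artifactId -> version for every Maven pom.properties inside the jar."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith("/pom.properties"):
                text = zf.read(name).decode("utf-8", "replace")
                props = dict(ln.split("=", 1) for ln in text.splitlines() if "=" in ln)
                if "artifactId" in props and "version" in props:
                    found[props["artifactId"].strip()] = props["version"].strip()
    return found

def open_cves(jar):
    """Return {(artifactId, version): [CVEs not fixed per the issue's versions]}."""
    report = {(a, v): sorted(c for c, f in FIXES.get(a, {}).items() if not is_fixed(v, f))
              for a, v in bundled_versions(jar).items()}
    return {lib: cves for lib, cves in report.items() if cves}

def build_sample_jar():
    """Constructed stand-in jar; the layout under the prefix is an assumption."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for group, artifact, version in [
                ("com.fasterxml.jackson.core", "jackson-databind", "2.11.1"),
                ("org.eclipse.jetty", "jetty-http", "9.4.39.v20210325"),
                ("org.glassfish.jersey.core", "jersey-common", "2.31")]:
            zf.writestr(f"rest-management-private-classpath/META-INF/maven/{group}/{artifact}/pom.properties",
                        f"artifactId={artifact}\nversion={version}\n")
    return io.BytesIO(buf.getvalue())
```

Pass the path of a real jar to `open_cves()` in place of the sample. A version on a major.minor branch the issue does not list is reported rather than assumed fixed, so it gets a manual look.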
