I have tried all the versions of jackson-databind (including version suggested on whitesource fix), but all the version for jackson-databind showing vulnerability on whitesource scan.
Below is the description of the issue and we can also see the WhiteSource Note :
Note: Tried to update the spring to latest version, issue still persist
Questions asked on StackOverflow: https://stackoverflow.com/questions/71512818/cve-2020-36518-unable-to-resolve-whitesource-vulnerability-for-jackson-databin
Comment From: bclozel
It looks like you're getting help on StackOverflow. This question is not about Spring Framework. Closing this as a result.