diff --git a/lib/workers/repository/init/vulnerability.js b/lib/workers/repository/init/vulnerability.js
index 6163ae5d616e448a0d0d69cfb65f6ad6fd29b313..fbb891835a2ad4312519b619da528e7b88272d7f 100644
--- a/lib/workers/repository/init/vulnerability.js
+++ b/lib/workers/repository/init/vulnerability.js
@@ -123,10 +123,16 @@ async function detectVulnerabilityAlerts(input) {
 } catch (err) /* istanbul ignore next */ {
 logger.warn({ err }, 'Error generating vulnerability PR notes');
 }
+ let matchCurrentVersion;
+ if (datasource === 'maven') {
+ matchCurrentVersion = `(,${val.firstPatchedVersion})`;
+ } else {
+ matchCurrentVersion = `< ${val.firstPatchedVersion}`;
+ }
 const matchRule = {
 datasources: [datasource],
 packageNames: [depName],
- matchCurrentVersion: `< ${val.firstPatchedVersion}`,
+ matchCurrentVersion,
 prBodyNotes,
 force: {
 ...config.vulnerabilityAlerts,
diff --git a/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap b/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap
index 40b80a4b97eb2cd8f5fc489907b89fdee8d78d2d..25496d3e6204be7dbcb7196b1b0f02ffc0f4adb9 100644
--- a/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap
+++ b/test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap
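Review bot: The maven-specific range syntax in the added `matchCurrentVersion` branch is unexplained; a reader who does not know Maven interval notation cannot tell that `(,X)` is an exclusive upper bound, i.e. the same version set as the `< X` string used in the other branch. A one-line comment above the `if` would fix that, e.g. `// Maven uses interval notation: (,X) is the exclusive upper bound equivalent of '< X'`. The `let` plus `if/else` could also collapse to `const matchCurrentVersion = datasource === 'maven' ? \`(,${val.firstPatchedVersion})\` : \`< ${val.firstPatchedVersion}\`;`. Keeping `< X` for every other datasource preserves the previous behaviour, but it remains an assumption that all remaining datasources accept that range syntax, which cannot be confirmed from this hunk. detectVulnerabilityAlerts starts and ends outside the hunk.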
@@ -110,5 +110,44 @@ Ansible before version 2.2.0 fails to properly sanitize fact variables sent from Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", ], }, + Object { + "datasources": Array [ + "maven", + ], + "force": Object { + "branchTopic": "maven-com.fasterxml.jackson.core:jackson-databind-vulnerability", + "commitMessageSuffix": "[SECURITY]", + "groupName": null, + "masterIssueApproval": false, + "rangeStrategy": "update-lockfile", + "schedule": Array [], + "vulnerabilityAlert": true, + }, + "matchCurrentVersion": "(,2.7.9.4)", + "packageNames": Array [ + "com.fasterxml.jackson.core:jackson-databind", + ], + "prBodyNotes": Array [ + "### GitHub Vulnerability Alerts", + "#### [CVE-2018-12022](https://nvd.nist.gov/vuln/detail/CVE-2018-12022) + +An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.", + ], + }, + Object { + "allowedVersions": ">= 2.7.9.4", + "datasources": Array [ + "maven", + ], + "packageNames": Array [ + "com.fasterxml.jackson.core:jackson-databind", + ], + "prBodyNotes": Array [ + "### GitHub Vulnerability Alerts", + "#### [CVE-2018-12022](https://nvd.nist.gov/vuln/detail/CVE-2018-12022) + +An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. 
When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.", + ], + }, ] `;
diff --git a/test/workers/repository/init/vulnerability.spec.js b/test/workers/repository/init/vulnerability.spec.js
index 8dc35731fdf7fd86d81cf4ccf1b99708131b7cb6..3ce3e33f7530e7beb3c1129558546b087f2d6fbd 100644
--- a/test/workers/repository/init/vulnerability.spec.js
+++ b/test/workers/repository/init/vulnerability.spec.js
@@ -239,10 +239,36 @@ describe('workers/repository/init/vulnerability', () => {
 vulnerableVersionRange: '< 2.1.4',
 },
 },
+ {
+ dismissReason: null,
+ vulnerableManifestFilename: 'pom.xml',
+ vulnerableManifestPath: 'pom.xml',
+ vulnerableRequirements: '= 2.4.2',
+ securityAdvisory: {
+ description:
+ 'An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.',
+ identifiers: [
+ { type: 'GHSA', value: 'GHSA-cjjf-94ff-43w7' },
+ { type: 'CVE', value: 'CVE-2018-12022' },
+ ],
+ references: [
+ { url: 'https://nvd.nist.gov/vuln/detail/CVE-2018-12022' },
+ ],
+ severity: 'HIGH',
+ },
+ securityVulnerability: {
+ package: {
+ name: 'com.fasterxml.jackson.core:jackson-databind',
+ ecosystem: 'MAVEN',
+ },
+ firstPatchedVersion: { identifier: '2.7.9.4' },
+ vulnerableVersionRange: '< 2.7.9.4',
+ },
+ },
 ]);
 const res = await detectVulnerabilityAlerts(config);
 expect(res.packageRules).toMatchSnapshot();
- expect(res.packageRules).toHaveLength(4);
+ expect(res.packageRules).toHaveLength(6);
 });
 });
 });
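Review bot: The new maven fixture is verified only through `toMatchSnapshot()` and the length bump from 4 to 6, so a regression in the maven range format would show up as an opaque snapshot diff rather than a named failure. An explicit assertion next to the snapshot would pin the behaviour this commit introduces, e.g. `expect(res.packageRules.some((r) => r.matchCurrentVersion === '(,2.7.9.4)')).toBe(true);`. The fixture's `ecosystem: 'MAVEN'` depends on a mapping to the `'maven'` datasource that is not visible in this hunk, so the test exercises that mapping implicitly as well. The enclosing `it` block starts outside the hunk.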