Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.9.0
-
None
-
None
Description
While security scanning one of my projects through WhiteSource I encountered a vulnerability by ID CVE-2019-10202 [1] from Flume 1.9.0
Further investigating on this, the issue was from one of your used dependency Avro 1.7.4 which is vulnerable due to the use of jackson-core-asl and jackson-mapper-asl. This issue from project Avro is fixed in version 1.9.2 [2]
Is this vulnerability affects Flume or Is this a known vulnerability?
Is there a plan to release a new version of Flume with updated Avro?