[KAFKA-13775] CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.0, 3.0.0, 3.0.1
Fix Version/s: 3.2.0, 3.1.1
Component/s: None
Labels:
- CVE
- security

Description

CVE-2020-36518 vulnerability affects Jackson-Databind in Kafka (see https://github.com/advisories/GHSA-57j2-w4cx-62h2).

Upgrading to jackson-databind version 2.12.6.1 should address this issue.

Attachments

Issue Links

links to

GitHub Pull Request #11962

Activity

People

Assignee:: Edwin Hobor

Reporter:: Edwin Hobor

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Mar/22 08:44

Updated:: 01/Apr/22 01:41

Resolved:: 30/Mar/22 18:43