[jira] [Resolved] (KAFKA-13775) CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1

Bruno Cadonna (Jira) Wed, 30 Mar 2022 11:44:08 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-13775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Bruno Cadonna resolved KAFKA-13775.
-----------------------------------
    Resolution: Fixed

> CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1
> -----------------------------------------------------
>
>                 Key: KAFKA-13775
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13775
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 3.1.0, 3.0.0, 3.0.1
>            Reporter: Edwin Hobor
>            Priority: Major
>              Labels: CVE, security
>             Fix For: 3.2.0
>
>
> *CVE-2020-36518* vulnerability affects Jackson-Databind in Kafka (see 
> [https://github.com/advisories/GHSA-57j2-w4cx-62h2]).
> Upgrading to jackson-databind version *2.12.6.1* should address this issue.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (KAFKA-13775) CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1

Reply via email to