[ https://issues.apache.org/jira/browse/KAFKA-13775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bruno Cadonna resolved KAFKA-13775. ----------------------------------- Resolution: Fixed > CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 > ----------------------------------------------------- > > Key: KAFKA-13775 > URL: https://issues.apache.org/jira/browse/KAFKA-13775 > Project: Kafka > Issue Type: Bug > Affects Versions: 3.1.0, 3.0.0, 3.0.1 > Reporter: Edwin Hobor > Priority: Major > Labels: CVE, security > Fix For: 3.2.0 > > > *CVE-2020-36518* vulnerability affects Jackson-Databind in Kafka (see > [https://github.com/advisories/GHSA-57j2-w4cx-62h2]). > Upgrading to jackson-databind version *2.12.6.1* should address this issue. -- This message was sent by Atlassian Jira (v8.20.1#820001)