There is a vulnerability in jackson-databind 2.7.5 ,upgrade recommended

Open QiAnXinCodeSafe opened this issue 4 years ago • 0 comments

https://github.com/Netflix/Hystrix/blob/3cb21589895e9f8f87cfcdbc9d96d9f63d48b848/hystrix-serialization/build.gradle#L14

CVE-2020-9547 CVE-2018-14719 CVE-2018-14718 CVE-2019-14379 CVE-2019-20330

Recommended upgrade version：2.9.10.8

May 31 '21 08:05 QiAnXinCodeSafe