kafka-connect-storage-common CVE-2022-42003, CVE-2022-42004 (jackson-databind)

CVE-2022-42003, CVE-2022-42004 (jackson-databind)

Open cameronwaterman opened this issue 3 years ago • 1 comments

jackson-databind 2.13.2.1 includes two HIGH severity CVEs:

CVE-2022-42003 - Fix: upgrade to >= 2.14.0-rc1 CVE-2022-42004 - Fix: upgrade to >= 2.13.4

Oct 24 '22 21:10 cameronwaterman

Thank you for raising this issue. We are aware of those issues and plan on addressing them in an upcoming release cycle.

Oct 27 '22 01:10 janjwerner-confluent