
Security update of jackson-databind library of embulk-input-postgresql to 2.13

Open alexopoulos7 opened this issue 3 years ago • 0 comments

If we check https://github.com/embulk/embulk-input-jdbc/blob/master/embulk-input-postgresql/gradle/dependency-locks/compileClasspath.lockfile, we can see that jackson-databind is at version 2.6.7, but this version has some security vulnerabilities and needs to be upgraded:

CWE-502: Deserialization of Untrusted Data
CWE-184: Incomplete List of Disallowed Inputs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616

alexopoulos7, Sep 29 '22 15:09
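
The lockfile check described in the issue can be automated so a build fails while a locked jackson-databind version is still below the requested floor. This is an added example, not code from the issue or from the embulk project; the function names and the sample lockfile are assumptions, and the 2.13 floor is the target named in the issue title.

```python
import re

# Constructed sample in Gradle's per-configuration lockfile layout. Only the
# jackson-databind 2.6.7 entry comes from the issue; the other lines are made up.
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
com.fasterxml.jackson.core:jackson-annotations:2.6.7
com.fasterxml.jackson.core:jackson-databind:2.6.7
org.example:some-driver:1.0.0
"""

def parse_lockfile(text):
    """Yield (group, artifact, version) for each locked coordinate."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Single-file lockfiles append "=configA,configB"; drop that part.
        coord = line.split("=", 1)[0]
        parts = coord.split(":")
        if len(parts) == 3:  # skips the "empty=" marker line as well
            yield tuple(parts)

def version_key(version):
    """Leading numeric components as a tuple: '2.9.10.6' -> (2, 9, 10, 6)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    # An unparseable version becomes (), which sorts below any floor,
    # so it is reported rather than silently accepted.
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def below_floor(text, group, artifact, floor):
    """Return the locked versions of group:artifact that sort below floor."""
    return [v for g, a, v in parse_lockfile(text)
            if (g, a) == (group, artifact) and version_key(v) < floor]

if __name__ == "__main__":
    hits = below_floor(SAMPLE_LOCKFILE,
                       "com.fasterxml.jackson.core", "jackson-databind", (2, 13))
    for v in hits:
        print(f"jackson-databind {v} is locked below 2.13")
    raise SystemExit(1 if hits else 0)
```

Run it against every `*.lockfile` in the repository, since each Gradle configuration can lock a different version.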