We are using Elasticsearch version 7.13, and in a recent Twistlock vulnerability scan the jars below were reported for 2 High vulnerabilities.
com.fasterxml.jackson.core_jackson-databind - 2.10.4
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
com.fasterxml.jackson.dataformat_jackson-dataformat-cbor - 2.10.4
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
Let us know how to tackle this issue.