Hi,
Our vulnerability scanning tool is detecting Elasticsearch-sql-cli-7.16.1.jar in the bin folder as vulnerable and the jar file contains a Jndilookup.class file. Is it supposed to be detected as vulnerable?
Can anyone please advise?
Thank you,
Oliver