Hi.
We're using Logstash 6.8.6, which has a dependency on jackson-databind 2.9.9.3. Our scans are flagging it as vulnerable to CVE-2020-9548:
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
How do I determine if it is actually vulnerable to this ?