Logstash how to solve the problem about jackson-databind CVE-2020-9548

geraintj · September 22, 2020, 1:13pm

Hi.

We're using Logstash 6.8.6, which has a dependency on jackson-databind 2.9.9.3. Our scans are flagging it as vulnerable to CVE-2020-9548:

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

How do I determine if it is actually vulnerable to this ?

system · October 20, 2020, 1:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash--jackson-databind vulnerabilities for logstash-7.9.0 Logstash	1	344	December 8, 2020
Logstash how to solve the problem about jackson-databind CVE-2019-12384 Logstash	3	1317	September 4, 2019
Vulnerabilities associated with jackson-databind 2.8.11.3 Elasticsearch	1	824	May 14, 2020
Vulnerability CVE-2020-25649 reported on Elasticsearch 7.17.4 Elasticsearch	3	434	July 11, 2022
Logstash / Elastic CVE-2022-21449 Logstash	1	291	May 19, 2022

Logstash how to solve the problem about jackson-databind CVE-2020-9548

Related topics