Logstash: how to solve the problem with jackson-databind CVE-2020-9548

Hi.

We're using Logstash 6.8.6, which has a dependency on jackson-databind 2.9.9.3. Our scans are flagging it as vulnerable to CVE-2020-9548:

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

How do I determine if it is actually vulnerable to this?

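As an added example (not part of the original post and not Elastic's own tooling), the script below checks an install directory for the two things the CVE text names: a jackson-databind 2.x jar older than 2.9.10.4, and the class `br.com.anteros.dbcp.AnterosDBCPConfig` inside any jar, including jars nested in other jars. It assumes jars are named `jackson-databind-<version>.jar` and that the directory argument is the Logstash install path; it reports only those two facts and does not inspect how Logstash configures Jackson typing.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 9, 10, 4)  # "2.x before 2.9.10.4", from the CVE text quoted above
GADGET = "br/com/anteros/dbcp/AnterosDBCPConfig.class"  # class named in the CVE
JAR_RE = re.compile(r"jackson-databind-(\d+(?:\.\d+)+)[^/]*\.jar$")

def is_affected(version):
    """True when a dotted version is 2.x and sorts before FIXED."""
    v = tuple(int(p) for p in version.split("."))
    return v[0] == 2 and v < FIXED

def entries(zf, label):
    """Yield (container, entry) for a jar, descending into nested jars."""
    for name in zf.namelist():
        yield label, name
        if name.endswith(".jar"):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    yield from entries(inner, f"{label}!{name}")
            except zipfile.BadZipFile:
                pass  # nested file is not a readable archive; skip it

def scan(root):
    """Return (affected jackson-databind jars, jars holding the gadget class)."""
    affected, gadget = [], []
    for jar in sorted(Path(root).rglob("*.jar")):
        found = [("", str(jar))]  # the jar file itself, judged by its name
        try:
            with zipfile.ZipFile(jar) as zf:
                found += entries(zf, str(jar))
        except (zipfile.BadZipFile, OSError):
            pass  # unreadable jar: the file name is still checked below
        for container, name in found:
            m = JAR_RE.search(name)
            if m and is_affected(m.group(1)):
                affected.append((f"{container}!{name}".lstrip("!"), m.group(1)))
            if name == GADGET:
                gadget.append(container)
    return affected, gadget

if __name__ == "__main__":
    affected, gadget = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version in affected:
        print(f"affected jackson-databind {version}: {path}")
    print("gadget class found in:", gadget or "no jar")
```

Run it with the install directory as the only argument; with no argument it scans the current directory.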
