Hi,
In the Elasticsearch 6.8.4 jackson-databind version 2.8.11.3 used.
This version of Jackson-databind has many high vulnerabilities associated.
CVE-2019-16943
CVE-2018-19360
CVE-2019-14893
CVE-2018-14719
CVE-2019-16335
CVE-2019-14892
CVE-2017-7525
CVE-2018-14718
CVE-2018-19362
CVE-2020-11612
CVE-2019-14540
CVE-2019-17531
CVE-2019-17267
CVE-2018-5382
CVE-2018-14721
CVE-2019-20330
CVE-2020-8840
CVE-2018-19361
CVE-2019-16942
CVE-2019-14379
CVE-2018-14720
How is Jackson-databind used in Elasticsearch, whether these vulnerabilties applies to Elasticsearch 6.8.4 OSS?
I notices that Elasticsearch mater use jackson = 2.10.3.
When is it planned to be released?
Thanks & Regards,
Sunil