anthonygauthier/jmeter-elasticsearch-backend-listener

Vulnerable Dependency in version 2.7.0 - Jackson Databind

owaspdpn opened this issue · 0 comments

Hi,

The latest stable version has a dependency with a publicly known vulnerability:

https://github.com/delirius325/jmeter-elasticsearch-backend-listener/blob/master/pom.xml#L139

jackson-databind-2.10.0.pr1 -> CVE-2020-25649

FasterXML/jackson-databind#2589

The dependency-check tool can be used to detect vulnerable dependencies:
https://owasp.org/www-project-dependency-check/

Could you please release a new version? I think rebuilding the source should fix the issue, based on the Maven config:
https://github.com/delirius325/jmeter-elasticsearch-backend-listener/blob/master/pom.xml#L140
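As an added example (not the project's pom.xml and not part of the issue): a Maven fragment that overrides the transitive jackson-databind version through `dependencyManagement` and wires OWASP dependency-check into the build so that a finding at or above a CVSS threshold fails it. The jackson-databind fix version and the plugin version are assumptions, not values taken from this page.

```xml
<!-- Added example, not the project's pom.xml. Version numbers are assumptions. -->
<project>
  <dependencyManagement>
    <dependencies>
      <!-- Force the 2.10.0.pr1 pre-release pulled in transitively to a
           release line that carries the CVE-2020-25649 fix (assumed: 2.10.5.1). -->
      <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-databind</artifactId>
        <version>2.10.5.1</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <build>
    <plugins>
      <!-- OWASP dependency-check: matches resolved artifacts against the NVD
           and fails the build when any finding reaches the CVSS threshold. -->
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>8.4.0</version> <!-- assumed; pick a current release -->
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <failBuildOnCVSS>7</failBuildOnCVSS>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
```

`mvn verify` runs the check; `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core` confirms which jackson-databind version the override actually resolves.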