Security update of jackson-databind library of embulk-input-postgresql to 2.13
alexopoulos7 commented
If we check https://github.com/embulk/embulk-input-jdbc/blob/master/embulk-input-postgresql/gradle/dependency-locks/compileClasspath.lockfile, we can see that jackson-databind is at version 2.6.7, but this version has some security vulnerabilities and needs to be upgraded:
CWE-502: Deserialization of Untrusted Data
CWE-184: Incomplete List of Disallowed Inputs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
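
A lockfile check for the condition reported above, as an added example that is not part of the original issue or the embulk project. It assumes the 2.13 floor from the issue title and uses a constructed sample lockfile; the function names are hypothetical.

```python
import re

# Minimum acceptable version, taken from the issue title ("to 2.13").
MIN_VERSION = (2, 13)
TARGET = "com.fasterxml.jackson.core:jackson-databind"

# Constructed sample in the per-configuration lockfile layout (one
# group:artifact:version per line, '#' comments); not the project's real file.
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
com.fasterxml.jackson.core:jackson-annotations:2.6.7
com.fasterxml.jackson.core:jackson-core:2.6.7
com.fasterxml.jackson.core:jackson-databind:2.6.7
"""

def parse_version(text):
    """Leading numeric components of a version, e.g. '2.9.10.6' -> (2, 9, 10, 6)."""
    parts = []
    for piece in re.split(r"[.\-]", text):
        if not piece.isdigit():
            break  # stop at qualifiers such as 'rc1' or 'SNAPSHOT'
        parts.append(int(piece))
    return tuple(parts)

def locked_versions(lockfile_text, coordinate=TARGET):
    """Return every locked version of `coordinate` found in the lockfile text."""
    found = []
    for line in lockfile_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Single-file lockfiles append '=configurations'; drop that part.
        fields = line.split("=", 1)[0].split(":")
        if len(fields) == 3 and ":".join(fields[:2]) == coordinate:
            found.append(fields[2])
    return found

def below_minimum(lockfile_text, minimum=MIN_VERSION):
    """Locked jackson-databind versions that are older than `minimum`."""
    return [v for v in locked_versions(lockfile_text) if parse_version(v) < minimum]

if __name__ == "__main__":
    for version in below_minimum(SAMPLE_LOCKFILE):
        print(f"{TARGET}:{version} is below {'.'.join(map(str, MIN_VERSION))}")
```

Run against each `*.lockfile` in a build, a non-empty result from `below_minimum` can be used to fail CI until the lock is regenerated with the upgraded dependency.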