Vulnerable Dependency in version 2.7.0 - Jackson Databind

Hi,

Latest stable version has a dependency that has public known vulnerability:

https://github.com/delirius325/jmeter-elasticsearch-backend-listener/blob/master/pom.xml#L139

jackson-databind-2.10.0.pr1 -> CVE-2020-25649

https://github.com/FasterXML/jackson-databind/issues/2589

dependency-check tool can be used to detect vulnerable dependencies:
https://owasp.org/www-project-dependency-check/

Please could you release a new version, I think rebuilding the source should fix the issue based on the maven config:
https://github.com/delirius325/jmeter-elasticsearch-backend-listener/blob/master/pom.xml#L140



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Vulnerable Dependency in version 2.7.0 - Jackson Databind #102

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Vulnerable Dependency in version 2.7.0 - Jackson Databind #102

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions