Hi Islam

Thank you for the notification!

I just merged https://github.com/apache/kafka/pull/11962 which fixes CVE-2020-36518.

Best,
Bruno

On 30.03.22 20:48, Islam Farag wrote:
Hello,

Need to report a vulnerability <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518> that exists inside any jackson-databind version prior to version 2.13.2.1. As per my review, the latest Kafka version is using jackson-databind 2.12.6. A micro-patch is released <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13#micro-patches> for Jackson 2.13.

Thanks,
Islam