Anupam Aggarwal created FLINK-37078:
---------------------------------------

             Summary: Update jackson-mapper-asl dependency
                 Key: FLINK-37078
                 URL: https://issues.apache.org/jira/browse/FLINK-37078
             Project: Flink
          Issue Type: Bug
          Components: FileSystems
            Reporter: Anupam Aggarwal


Flink includes org.codehaus.jackson:jackson-mapper-asl:1.9.13 which contains 
[CVE-2019-10202|https://nvd.nist.gov/vuln/detail/cve-2019-10202]


There seems to be a version - 
org.codehaus.jackson/jackson-mapper-asl/1.9.14.jdk17-redhat-00001 (in redhat GA 
repository) which is not flagged as vulnerable 

More details at [https://nvd.nist.gov/vuln/detail/cve-2019-10202] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to