[
https://issues.apache.org/jira/browse/KAFKA-15000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725111#comment-17725111
]
Arushi Rai commented on KAFKA-15000:
------------------------------------
Thanks for the update [~showuon].
We use TwistLock for the vulnerabilities scan and it shows high severity
probably due to the perceived impact, it would be helpful if you could share
the impact from Kafka point of view.
> High vulnerability PRISMA-2023-0067 reported in jackson-core
> ------------------------------------------------------------
>
> Key: KAFKA-15000
> URL: https://issues.apache.org/jira/browse/KAFKA-15000
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.4.0, 3.3.2
> Reporter: Arushi Rai
> Priority: Critical
>
> Kafka is using jackson-core version 2.13.4 which has high vulnerability
> reported [PRISMA-2023-0067.
> |https://github.com/FasterXML/jackson-core/pull/827]
> This vulnerability is fix in Jackson-core 2.15.0 and Kafka should upgrade to
> the same.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
