Open alexopoulos7 opened 2 years ago
If we check https://github.com/embulk/embulk-input-jdbc/blob/master/embulk-input-postgresql/gradle/dependency-locks/compileClasspath.lockfile we can see that jackson-databind is in version 2.6.7, but this version has some security vulnerabilities and needs to be upgraded:

- CWE-502: Deserialization of Untrusted Data
- CWE-184: Incomplete List of Disallowed Inputs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
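
The manual lockfile check described in this issue can be automated. The following Python script is an added example, not part of the issue and not the project's code: it parses Gradle dependency-lock text and reports locked versions of one artifact that fall below a minimum. The minimum fixed version is not stated in the issue, so it is a caller-supplied parameter; the function names and the sample lockfile are constructed for illustration (only the `jackson-databind:2.6.7` entry comes from the issue).

```python
import re
import sys

# Constructed sample in the per-configuration lockfile layout the issue links to:
# one group:artifact:version per line, '#' for comments.
SAMPLE_LOCKFILE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
com.fasterxml.jackson.core:jackson-annotations:2.6.7
com.fasterxml.jackson.core:jackson-databind:2.6.7
org.example:constructed-lib:1.0.0
"""


def parse_lockfile(text):
    """Yield (group, artifact, version) for each locked dependency line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The newer single-file format appends '=configurations'; drop that part.
        parts = line.split("=", 1)[0].split(":")
        if len(parts) == 3:  # skips 'empty=' and anything malformed
            yield tuple(parts)


def version_key(version):
    """Leading numeric fields as a tuple, e.g. '2.9.10.6' -> (2, 9, 10, 6).

    Qualifiers such as '-rc1' are ignored, so a pre-release compares equal
    to its release; that is a simplification of Gradle's ordering.
    """
    nums = []
    for piece in re.split(r"[.\-]", version):
        if not piece.isdigit():
            break
        nums.append(int(piece))
    return tuple(nums)


def find_outdated(text, group, artifact, minimum):
    """Return locked versions of group:artifact that are lower than `minimum`."""
    floor = version_key(minimum)
    return [v for g, a, v in parse_lockfile(text)
            if (g, a) == (group, artifact) and version_key(v) < floor]


if __name__ == "__main__" and len(sys.argv) > 1:
    # Pass the minimum fixed version from the advisory as the first argument.
    print(find_outdated(SAMPLE_LOCKFILE, "com.fasterxml.jackson.core",
                        "jackson-databind", sys.argv[1]))
```

Run over every `*.lockfile` in the repository, a non-empty result for any configuration means the locked version still needs to be raised and the lockfiles regenerated.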