jackson-databind:2.9.4 comes from Calcite avatica:1.12.0 shaded jar:
https://mvnrepository.com/artifact/org.apache.calcite.avatica/avatica/1.12.0

that jar has also reported vulnerability :CVE-2022-36364, we should try to 
upgrade it.

Another one is htrace-core:3.1.0-incubating from accumulo-core:1.10.1
https://mvnrepository.com/artifact/org.apache.htrace/htrace-core/3.1.0-incubating

Same story: CVE-2022-36364

Reply via email to