[
https://issues.apache.org/jira/browse/KAFKA-15000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17760815#comment-17760815
]
Satish Duggana commented on KAFKA-15000:
----------------------------------------
[~ijuma] [~manikumar] It does not seem to have enough details or no CVE whether
it is a high risk issue. This was also not considered for 3.5. Is this a
blocking security issue for 3.6.0?
> High vulnerability PRISMA-2023-0067 reported in jackson-core
> ------------------------------------------------------------
>
> Key: KAFKA-15000
> URL: https://issues.apache.org/jira/browse/KAFKA-15000
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.4.0, 3.3.2, 3.5.1
> Reporter: Arushi Rai
> Assignee: Said BOUDJELDA
> Priority: Critical
> Fix For: 3.6.0
>
>
> Kafka is using jackson-core version 2.13.4 which has high vulnerability
> reported [PRISMA-2023-0067.
> |https://github.com/FasterXML/jackson-core/pull/827]
> This vulnerability is fix in Jackson-core 2.15.0 and Kafka should upgrade to
> the same.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
