Hi all,
Iam using elasitcsearch 6.1.4 with SG 22.3. Iam trying to patch the following vulnerability
2 | CVE-2018-19362 | 502 | 2019-01-02 | 2019-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. |
Has anyone tried with 2.9.8 jar? Would it be compatible with Searchguard 22.3?
Thanks
Rajesh.