Upgrade jackson-databind package to >=2.16.0 version

## Description

Currently `jackson-databind` package used with version `2.13.5` by amazon-kinesis-client is having medium severity vulnerability.

https://ubuntu.com/security/CVE-2023-35116
https://nvd.nist.gov/vuln/detail/CVE-2023-35116

## Vulnerability Description

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

## Expected resolution

Upgrade `jackson-databind` package version to >=2.16.0 version https://github.com/awslabs/amazon-kinesis-client-python/blob/master/pom.xml#L9



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade jackson-databind package to >=2.16.0 version #299

Description

Vulnerability Description

Expected resolution

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Upgrade jackson-databind package to >=2.16.0 version #299

Description

Description

Vulnerability Description

Expected resolution

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions