Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.
AppDynamics customers and established members should click the sign in button to authenticate.
Our team has found a vulnerability in the Python agent 4.5.5 version during a scan and are unable to deploy. Has anyone else found this issue? Here is a request from our DevOps team.
Installing the python appdynamics agent 126.96.36.199 pulls in the com.fasterxml.jackson.core_jackson-databind version 188.8.131.52 as a dependency, which includes some critical vulnerabilities (CVSS 9.8) https://nvd.nist.gov/vuln/detail/CVE-2019-14379, https://nvd.nist.gov/vuln/detail/CVE-2019-16335, and https://nvd.nist.gov/vuln/detail/CVE-2019-14540.
Could we ask that the next python appdynamics agent update (4.5.6?) use at least com.fasterxml.jackson.core_jackson-databind 2.9.10, which resolves these vulnerabilities.
In our environment we did a “pip install appdynamics”, and a pip list afterwards shows the following versions of the packages installed:
Solved! Go to Solution.