10-15-2019 08:13 AM
Our team has found a vulnerability in the Python agent 4.5.5 version during a scan and are unable to deploy. Has anyone else found this issue? Here is a request from our DevOps team.
Installing the python appdynamics agent 4.5.5.0 pulls in the com.fasterxml.jackson.core_jackson-databind version 2.9.9.1 as a dependency, which includes some critical vulnerabilities (CVSS 9.8) https://nvd.nist.gov/vuln/detail/CVE-2019-14379, https://nvd.nist.gov/vuln/detail/CVE-2019-16335, and https://nvd.nist.gov/vuln/detail/CVE-2019-14540.
Could we ask that the next python appdynamics agent update (4.5.6?) use at least com.fasterxml.jackson.core_jackson-databind 2.9.10, which resolves these vulnerabilities?
In our environment we did a “pip install appdynamics”, and a pip list afterwards shows the following versions of the packages installed:
appdynamics 4.5.5.0
appdynamics-bindeps-linux-x64 9.0
appdynamics-proxysupport-linux-x64 1.8.0.51.1
10-18-2019 10:47 AM
I recommend reporting this to support. Let me know if you have any trouble with this.
Thanks,
Ryan, AppDynamics Community Manager
10-22-2019 11:41 AM
Just to let anyone else know the status: I am working heavily with support and other channels to get this addressed. In the meantime, one can do a pip install but remove the jackson file in question as a workaround, but the goal is a clean pip install, hopefully soon.
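One way to locate the jar discussed in this thread and check it against the 2.9.10 floor requested above, as an added example that is not part of the original posts and is not AppDynamics code. It assumes the bundled jar either carries a Maven `pom.properties` entry for jackson-databind or has the version in its file name; the function names are hypothetical.

```python
import re
import sys
import sysconfig
import zipfile
from pathlib import Path

FIXED = (2, 9, 10)  # minimum version requested in the post above
NAME_RE = re.compile(r"jackson-databind[-_]?(\d+(?:\.\d+)*)")


def parse_version(text):
    """Leading dotted-numeric part of a version string as a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def databind_version(jar):
    """Version of jackson-databind carried by this jar, or None if absent."""
    try:
        with zipfile.ZipFile(jar) as zf:
            for entry in zf.namelist():
                # Maven-built jars record their own version in pom.properties.
                if entry.endswith("jackson-databind/pom.properties"):
                    for line in zf.read(entry).decode("utf-8", "replace").splitlines():
                        if line.startswith("version="):
                            return parse_version(line.split("=", 1)[1])
    except (zipfile.BadZipFile, OSError):
        pass
    # Fallback (assumption): the version is part of the jar file name.
    m = NAME_RE.search(jar.name)
    return parse_version(m.group(1)) if m else None


def scan(root):
    """Return [(jar_path, version_string, needs_update)] for jars under root."""
    findings = []
    for jar in sorted(Path(root).rglob("*.jar")):
        ver = databind_version(jar)
        if ver is not None:
            findings.append((str(jar), ".".join(map(str, ver)), ver < FIXED))
    return findings


if __name__ == "__main__":
    # Default to this interpreter's site-packages; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else sysconfig.get_paths()["purelib"]
    for path, ver, old in scan(root):
        print(f"{'UPDATE' if old else 'ok':6} jackson-databind {ver}  {path}")
```

Run it inside the virtualenv or image where `pip install appdynamics` was done; a jar reported as `UPDATE` is one that a scanner will flag for the CVEs listed in the first post.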
10-22-2019 12:04 PM
Hey Doug,
I am the Product Manager for the DL languages. I appreciate you bringing this up to the community. We are working to track this with our engineering leads to close the vulnerability in the short-term. We are also working at a better long-term strategy.