https://bugzilla.redhat.com/show_bug.cgi?id=1826798
--- Comment #21 from Mark Cooper mcooper@redhat.com --- OpenShift packages a vulnerable version of jackson-databind (2.7.7) in the component openshift/origin-aggregated-logging. However as per the statement, lowering the impact to Moderate.