At the time of writing, there are 40 CVEs raised against jackson-databind v2.9.4. They are listed below.
Although it's not a direct dependency, SJC transitively depends on jackson-databind v2.9.4 via jackson-jaxrs-json-provider v2.9.4 and jackson-jaxrs-base v2.9.4.
At the time of writing, there are 40 CVEs raised against jackson-databind v2.9.4. They are listed below.
Although it's not a direct dependency, SJC transitively depends on jackson-databind v2.9.4 via jackson-jaxrs-json-provider v2.9.4 and jackson-jaxrs-base v2.9.4.
The CVEs in question are: