General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution (RCE)
Vulnerability description
jackson-databind is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because it does not prevent the deserialization of certain gadget types from the JDBC driver which could be used to perform remote code execution attacks through deserialization.
Veracode Software Composition Analysis
Links: