General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Deserialization Of Untrusted Data
Vulnerability description
jackson-databind is susceptible to deserialization of untrusted data. It is due to an incomplete fix for the CVE-2017-7525 which has classes which perform general-purpose data-binding functionality and tree-model for untrusted data.
Veracode Software Composition Analysis
Links: