General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution (RCE)
Vulnerability description
jackson-databind is vulnerable to remote code execution. The application does not block the jboss-common-core class from polymorphic deserialization, which would allow a remote attacker to leverage this vulnerability to execute arbitrary code.
Veracode Software Composition Analysis