General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution
Vulnerability description
jackson-databind is vulnerable to remote code execution. The vulnerability exists because the library does not restrict the data sources for the Jodd-db object type, leading to deserialisation of arbitrary data from external untrusted sources, which would allow an attacker to execute arbitrary code.
Veracode Software Composition Analysis