General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Deserialization Of Untrusted Data
Vulnerability description
FasterXML jackson-databind is vulnerable to deserialization of untrusted data. The issue lies in polymorphic type handling: by default, more than one gadget type associated with com.zaxxer.hikari.HikariDataSource can be deserialized. This vulnerability is different from CVE-2019-14540. A remote attacker can gain unauthorized access to sensitive information on the system.
Veracode Software Composition Analysis