General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution (RCE)
Vulnerability description
jackson-databind is vulnerable to remote code execution. The vulnerability exists because the library does not block classes from the commons-dbcp package from being used as deserialization gadgets.
Veracode Software Composition Analysis