General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution (RCE)
Vulnerability description
jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists as it does not stop classes from the p6spy package from being used as deserialization gadgets.
Veracode Software Composition Analysis
p6spy
package from being used as deserialization gadgets.Links: