General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution
Vulnerability description
FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Veracode Software Composition Analysis
net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup
.Links: