General data-binding functionality for Jackson: works on core streaming API
Language
JAVA
Vulnerability
Remote Code Execution (RCE)
Vulnerability description
FasterXML jackson-databind is vulnerable to remote code execution (RCE). A polymorphic typing issue allows a remote attacker to execute arbitrary code through the JNDI service due to unsafe deserialization of objects related to the apache-log4j-extra classpath.
Veracode Software Composition Analysis
apache-log4j-extra
classpath.Links: