Deserialization of Untrusted Datacom.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A Polymorphic Typing issue was discovered as com.zaxxer.hikari.HikariDataSource was not blocked. Note: This is a different vulnerability than CVE-2019-14540.
vdenotaris
commented
5 years ago
Deserialization of Untrusted Data
com.fasterxml.jackson.core:jackson-databindis a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A Polymorphic Typing issue was discovered as
com.zaxxer.hikari.HikariDataSourcewas not blocked. Note: This is a different vulnerability than CVE-2019-14540.