Insecure deserialization In com.fasterxml.jackson.core:jackson-databind
Description
Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 maven | 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 | ||
 debian 11 | 2.10.1-1 | ||
debian 12 | 2.10.1-1 | ||
debian 13 | 2.10.1-1 | ||
debian 14 | 2.10.1-1 | ||
 rpm rhel8 | 0:10.8.3-1.module+el8.2.0+5925+bad5981a |
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35.