Insecure deserialization in com.fasterxml.jackson.core:jackson-databind
Description
jackson-databind is vulnerable to a deserialization flaw. The flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9, and could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of the ObjectMapper.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
maven | 2.6.7.1, 2.7.9.1, 2.8.9 | ||
debian 12 | 1.9.13-2 | ||
debian 11 | 2.9.1-1 | ||
debian 12 | 2.9.1-1 | ||
debian 13 | 2.9.1-1 | ||
debian 14 | 2.9.1-1 | ||
debian 13 | 1.9.13-2 | ||
debian 14 | 1.9.13-2 | ||
debian 11 | 1.9.13-2 |
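
To check a build against the Maven versions listed above, the following added example (not part of the advisory or of the jackson-databind project) flags jackson-databind versions that predate the fix on their release line. It assumes the three fixed versions apply to the 2.6, 2.7 and 2.8 lines respectively, that lines older than 2.6 have no fix, and that input looks like `mvn dependency:list` output; the function names and sample lines are constructed for illustration, and the Debian package versions in the table are not covered.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
PATCHED = {(2, 6): (2, 6, 7, 1), (2, 7): (2, 7, 9, 1), (2, 8): (2, 8, 9)}

# Matches the jackson-databind coordinate as printed by `mvn dependency:list`.
COORD = re.compile(r"com\.fasterxml\.jackson\.core:jackson-databind:jar:([^:\s]+)")


def parse_version(text):
    """Return the leading numeric components of a Maven version as a tuple.

    Qualifiers such as "-SNAPSHOT" are ignored (assumption: a qualified
    build is treated like the release whose number it carries).
    """
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def pad(version, width=4):
    """Right-pad with zeros so 2.8.9 and 2.8.9.0 compare equal."""
    return tuple(version) + (0,) * (width - len(version))


def is_affected(text):
    """True if this jackson-databind version predates the advisory's fixes."""
    version = pad(parse_version(text))
    line = version[:2]
    if line in PATCHED:
        return version < pad(PATCHED[line])
    # Assumption: lines older than 2.6 never received a fix; 2.9 and later
    # are outside the range this advisory describes.
    return line < (2, 6)


def find_affected(dependency_lines):
    """Return the affected jackson-databind versions found in the lines."""
    found = (COORD.search(line) for line in dependency_lines)
    return [m.group(1) for m in found if m and is_affected(m.group(1))]


# Constructed sample input, not taken from a real build.
SAMPLE = [
    "[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.8.8:compile",
    "[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.7.9.1:compile",
    "[INFO]    com.fasterxml.jackson.core:jackson-core:jar:2.6.0:compile",
    "[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.6.7:runtime",
]

if __name__ == "__main__":
    print(find_affected(SAMPLE))
```

Run it over the full resolved dependency list rather than only the declared dependencies, since jackson-databind is often pulled in transitively.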