CVE-2020-36179
maven/com.fasterxml.jackson.core/jackson-databind
Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing.
All versions starting from 2.9.0 before 2.9.10.8
Upgrade to version 2.9.10.8 or above.
2021-01-12
source |