CVE-2020-36180
maven/com.fasterxml.jackson.core/jackson-databind
Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
.
All versions starting from 2.0.0 before 2.9.10.8
Upgrade to version 2.9.10.8 or above.
2021-01-12
source |