CVE-2020-36186
maven/com.fasterxml.jackson.core/jackson-databind
Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
.`
All versions starting from 2.9.0 before 2.9.10.8
Upgrade to version 2.9.10.8 or above.
2021-01-12
source |