Deserialization of Untrusted Data (CVE-2019-16335) #74
Labels
kind/bug
Categorizes issue or pull request as related to a bug.
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
Projects
Deserialization of Untrusted Data
com.fasterxml.jackson.core:jackson-databind
is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A Polymorphic Typing issue was discovered as
com.zaxxer.hikari.HikariDataSource
was not blocked. Note: This is a different vulnerability than CVE-2019-14540.The text was updated successfully, but these errors were encountered: