PT-2019-3766 · Jackson +4 · Jackson-Databind +4
Name of the Vulnerable Software and Affected Versions:
jackson-databind versions 2.7.0 through 2.7.9.5
jackson-databind versions 2.8.0 through 2.8.11.3
jackson-databind versions 2.9.0 through 2.9.9.1
Description: The issue is related to the mishandling of default typing in the SubTypeValidator.ja...
Internet Bug Bounty: Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem
I've been exploring the industry-wide scope of the use of HTTP to resolve dependencies in build infrastructure across the industry. What I unearthed was that some of the most popular libraries and two compilers were impacted by this vulnerability. Vulnerability CWE-829: Inclusion of Functionality...