2 matches found
FasterXML jackson-databind input validation error vulnerability
FasterXML jackson-databind is a generic data binding package for Jackson 2.x. An input validation error vulnerability exists in versions of FasterXML jackson-databind prior to 2.9.9.2. The vulnerability stems from SubTypeValidator.java not handling default input correctly when using ehcache. An...
PT-2019-3766
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.7.0 through 2.7.9.5 jackson-databind versions 2.8.0 through 2.8.11.3 jackson-databind versions 2.9.0 through 2.9.9.1 Description The issue is related to the mishandling of default typing in the SubTypeValidator.java...