Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:28933
HistoryJan 08, 2021 - 6:11 a.m.

Arbitrary Code Execution

2021-01-0806:11:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
arbitrary code execution
jackson-databind
rce
remote code execution
deserialization
peruserpooldatasource

EPSS

0.003

Percentile

66.0%

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource class through deserialization.