Arbitrary Code Execution

2021-01-0807:27:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

66.1%

JSON

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the lack of sanitization of the org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPD class through deserialization.

CPENameOperatorVersion
jackson-databindle2.9.10.7
data mapper for jacksonle1.9.13
data mapper for jacksonle1.9.13
jackson-databindle2.9.10.7
data mapper for jacksonle1.9.13
data mapper for jacksonle1.9.13

Name	Operator	Version
jackson-databind	le	2.9.10.7
data mapper for jackson	le	1.9.13
data mapper for jackson	le	1.9.13
jackson-databind	le	2.9.10.7
data mapper for jackson	le	1.9.13
data mapper for jackson	le	1.9.13