Description
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Remediation
References
https://github.com/FasterXML/jackson-databind/issues/2854
https://bugzilla.redhat.com/show_bug.cgi?id=1916633
https://security.netapp.com/advisory/ntap-20210219-0008/
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E