The jackson-databind library, used to serialize Java objects to JSON and deserialize JSON back into Java objects, is affected by a high-severity Deserialization of Untrusted Data vulnerability (CVE-2019-14379, CVE-2019-14439) that can lead to remote code execution if not properly secured. The maintainers have released version 2.9.9.3, which fixes the issue. Spring Boot versions up to 2.1.7 are vulnerable because they depend on the older jackson-databind package. Users can avoid the vulnerability by updating to a newer version of Spring Boot or by excluding the vulnerable jackson-databind package from their dependencies. Regular scanning of indirect dependencies for known vulnerabilities is also recommended, because a vulnerable library can enter an application through another package without being declared directly.
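To find where an old jackson-databind enters a build as an indirect dependency, the check below walks a dependency tree and reports every copy older than 2.9.9.3 together with the chain that pulls it in. It is an added example, not code from jackson-databind or Spring Boot; it assumes a Maven build and the text layout printed by `mvn dependency:tree`, the sample tree is constructed, and the function names are hypothetical.

```python
import re

TARGET = "com.fasterxml.jackson.core:jackson-databind"
FIXED = (2, 9, 9, 3)  # fixed release named in the text above

# Constructed sample, laid out like `mvn dependency:tree` output.
SAMPLE_TREE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.1.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.1.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9:compile
[INFO] |  |  \- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.9:compile
[INFO] \- org.springframework.boot:spring-boot-starter-test:jar:2.1.7.RELEASE:test
"""

# Tree-drawing prefix (3 characters per level), then group:artifact:type[:classifier]:version[:scope]
LINE = re.compile(r"^\[INFO\] (?P<indent>[ |+\\-]*)(?P<coord>[\w.-]+(?::[\w.-]+){3,5})$")


def parse_version(text):
    """Numeric components only, so 2.9.9 < 2.9.9.3 < 2.9.10 compares correctly."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def find_vulnerable(tree_text):
    """Return (version, dependency path) for each jackson-databind older than FIXED."""
    stack, hits = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # banner, blank or summary line
        depth = len(m["indent"]) // 3
        parts = m["coord"].split(":")
        version = parts[3] if len(parts) == 4 else parts[-2]  # root line has no scope
        del stack[depth:]        # drop siblings and deeper levels
        stack.append(parts[1])   # artifactId at this depth
        if ":".join(parts[:2]) == TARGET and parse_version(version) < FIXED:
            hits.append((version, " > ".join(stack)))
    return hits


if __name__ == "__main__":
    for version, path in find_vulnerable(SAMPLE_TREE):
        print(f"jackson-databind {version} via {path}")
```

The reported path names the direct dependency that has to be upgraded or given the exclusion.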