Home / Companies / Snyk / Blog / Post Details
Content Deep Dive

Jackson Deserialization Vulnerability

Blog post from Snyk

Post Details
Company
Date Published
Author
Brian Vermeer
Word Count
586
Company Posts That Month
8
Language
English
Hacker News Points
1
Post removed?
No
Summary

The jackson-databind library, used for serializing and deserializing Java objects into JSON, has been affected by a high-severity Deserialization of Untrusted Data vulnerability (CVE-2019-14379,CVE-2019-14439) that can lead to remote code execution if not properly secured. The maintainers have released version 2.9.9.3, which fixes the issue. Spring Boot users with versions up to 2.1.7 are vulnerable due to their dependency on the older jackson-databind package. Users can avoid this vulnerability by updating to a newer version of Spring Boot or excluding the vulnerable jackson-databind package from their dependencies. Regular scanning for known vulnerabilities in indirect dependencies is also recommended to ensure the security of applications.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.