Intrusion Prevention



This indicates an attack attempt against a OS Command Execution vulnerability in the jackson-databind library.
The vulnerability is due to an error in the vulnerable application when trying to deserialize a maliciously crafted request. A remote attacker may be able exploit this to execute arbitrary code within the context of the application via crafted requests.

Affected Products

jackson-databind 2.8.8 and prior.


System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Upgrade com.fasterxml.jackson to version 2.9.2.

CVE References