Fix CVE-2020-36518
Opened this issue · 0 comments
elenigen commented
https://github.expedia.biz/advisories/GHSA-57j2-w4cx-62h2
high severity
Vulnerable versions: <= 2.12.6.0
Patched version: 2.12.6.1
jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.