Description
Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.0.4 in branch master
FasterXML jackson-databind prior to 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
Namespace: cxronen
Repository: BookStore_VSCode
Repository Url: https://github.com/cxronen/BookStore_VSCode
CxAST-Project: cxronen/BookStore_VSCode
CxAST platform scan: 37566721-72f7-4138-88b2-1b967ae4ebee
Branch: master
Application: BookStore_VSCode
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-502
Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.6.7.5