S3

s3curitybug/jackson-databind-cves

Analysis of the Jackson Databind CVE's

cve databind deserialization jackson rce spring spring-boot

Jackson-Databind is a dependency used by Spring-Boot to serialize and deserialize JSON and XML objects.

This project simulates a film database REST API, which interchanges objects representing films in JSON format.

The purpose of this project is to analyze the multiple CVE's affecting different versions of the Jackson-Databind library.

Jackson-Databind CVE List: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
Jackson-Databind Versions List: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
Spring-Boot Versions List: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot

Contributors

Created October 3, 2019

Updated November 10, 2019