[Tutorial] Resolving Jackson Databind security vulnerability, VULNDB-275302

December 15, 2021

The following tutorial will help you resolve the Jackson Databind security vulnerability in Spring Boot apps that use Maven. The vulnerability ID is VULNDB-275302 in Sysdig.

Sysdig recommends you downgrade Jackson Databind to version 2.9.10.8. If you tried downgrading to that version and found that your app broke, here’s a solution for you!

1.) Update the Jackson Databind dependency in your pom.xml to version 2.13.0-rc2:

<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.13.0-rc2</version>
</dependency>

That’s it! The above should resolve VULNDB-275302.
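
To confirm the change took effect, check which jackson-databind version Maven actually resolves for the build. The script below is an added example, not part of the original tutorial: it parses `mvn dependency:tree` output, and its function names and sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which jackson-databind version Maven resolves.
# Real use:
#   mvn dependency:tree -Dincludes=com.fasterxml.jackson.core | check_databind 2.13.0-rc2

# Print the distinct jackson-databind versions in `mvn dependency:tree` output (stdin).
databind_versions() {
    sed -n 's/.*com\.fasterxml\.jackson\.core:jackson-databind:jar:\([^:]*\):.*/\1/p' | sort -u
}

# Succeed only if exactly one version is resolved and it is the expected one.
check_databind() {
    expected=$1
    found=$(databind_versions)
    if [ -z "$found" ]; then
        echo "jackson-databind not found in dependency tree" >&2
        return 2
    fi
    if [ "$found" != "$expected" ]; then
        echo "jackson-databind resolves to '$found', expected '$expected'" >&2
        return 1
    fi
    echo "OK: jackson-databind $expected"
}

# Constructed sample output (not from a real build): pom.xml override applied.
sample_tree_fixed() {
    cat <<'EOF'
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.13.0-rc2:compile
[INFO]    +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.0-rc2:compile
[INFO]    \- com.fasterxml.jackson.core:jackson-core:jar:2.13.0-rc2:compile
EOF
}

# Constructed sample output: a different version is still being resolved.
sample_tree_stale() {
    cat <<'EOF'
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] \- com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.8:compile
EOF
}

sample_tree_fixed | check_databind 2.13.0-rc2
```

A non-zero exit status means the tree still resolves a different version, or more than one, so the scanner may keep flagging the build.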
