CVE-2018-14721

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x prior to 2.9.7

Description The issue is related to insufficient checking of incoming requests, which could allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging a failure to block certain classes from polymorphic deserialization. This could potentially enable attackers to exploit the vulnerability and perform SSRF attacks.

Recommendations For versions 2.x prior to 2.9.7, update to version 2.9.7 or later to resolve the issue. As a temporary workaround, consider restricting or disabling the use of polymorphic deserialization to minimize the risk of exploitation.