Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Mitigation

*Update*: As of version 2.10.0, Jackson now provides a safe default typing solution that fully mitigates this vulnerability.

Reference: [https://medium.com/@cowtowncoder/jackson-2-10-features-cd880674d8a2](https://medium.com/@cowtowncoder/jackson-2-10-features-cd880674d8a2)

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:

• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14540

• https://github.com/FasterXML/jackson-databind/issues/2410

• https://blog.sonatype.com/jackson-databind-remote-code-execution

• https://blog.sonatype.com/jackson-databind-the-end-of-the-blacklist