CVE-2018-14721: Server-Side Request Forgery (SSRF)

January 2, 2019 (updated September 27, 2019)

FasterXML jackson-databind might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

References

github.com/FasterXML/jackson-databind/issues/2097
nvd.nist.gov/vuln/detail/CVE-2018-14721

Code Behaviors & Features

Detect and mitigate CVE-2018-14721 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →