The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * jackson-databind: polymorphic typing issue when enabling default typing for an externally exposed JSON endpoint and having apache-log4j-extra in the classpath leads to code execution For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.