Is Fuse 6.3 vulnerable to Jackson Databind polymorphic type handling flaws?

Solution Verified - Updated -

Issue

  • 3rd party vulnerability scanning tools will often report Fuse 6.3 R13 is affected by Jackson Databind polymorphic type handling flaws but is it actually vulnerable?

Environment

  • Red Hat JBoss Fuse (Fuse)
    • 6.3.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In