There is 1 open security issue in bullseye.
1 issue left for the package maintainer to handle:
- CVE-2021-46877:
(needs triaging)
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
You can find information about how to handle this issue in the security team's documentation.