mod-source-record-manager-server uses jackson-databind 2.10.*, which is affected by the following Denial-of-Service vulnerability:
- Affected versions of jackson-databind are vulnerable to Denial of Service (DoS) when using JDK serialization to serialize and deserialize JsonNode values.
Affected jackson-databind versions: < 2.12.6, 2.13.0
mod-source-record-manager-server (all versions <= 3.2.7) currently uses unsupported jackson-databind 2.10.*.
FOLIO modules use JsonNode in at least 36 files: https://github.com/search?q=org%3Afolio-org+jsonnode&type=code
- fix by removing or updating kafka-junit (see
- investigate how mod-source-record-manager-server is affected by this vulnerability and explain why it is not affected.
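
One way to check a module's resolved dependency tree against the affected range stated above and see which dependency pulls jackson-databind in. This is an added example, not FOLIO code; the sample `mvn dependency:tree` output is constructed, and its `org.example` coordinates and kafka-junit version are placeholders.

```python
import re

# Affected range as stated in the ticket: "< 2.12.6, 2.13.0".
FIRST_FIXED = (2, 12, 6)
ALSO_AFFECTED = {(2, 13, 0)}
DATABIND = "com.fasterxml.jackson.core:jackson-databind:jar:"

# Constructed `mvn dependency:tree` output; the org.example coordinates and
# the kafka-junit version are placeholders, not taken from the module's POM.
SAMPLE_TREE = """\
[INFO] org.example:demo-module:jar:1.0.0
[INFO] +- org.example:http-client:jar:1.0.0:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-core:jar:2.13.1:compile
[INFO] \\- org.example:kafka-junit:jar:0.0.0:test
[INFO]    \\- com.fasterxml.jackson.core:jackson-databind:jar:2.10.2:test
"""

def parse_version(text):
    """'2.10.5.1' -> (2, 10, 5). A qualifier such as '-rc1' is ignored, so a
    pre-release is judged like its release (the conservative choice)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def is_affected(version):
    """True if the version falls in the range quoted in the ticket."""
    v = parse_version(version)
    return v < FIRST_FIXED or v in ALSO_AFFECTED

def find_affected(tree_text):
    """Return (version, scope, dependency path) for each affected databind."""
    hits, stack = [], []
    for line in tree_text.splitlines():
        body = line[7:] if line.startswith("[INFO] ") else line
        m = re.match(r"([ |+\\-]*)(\S+)", body)
        if not m:
            continue
        prefix, coord = m.groups()
        depth = len(prefix) // 3      # Maven indents three characters per level
        stack[depth:] = [coord]       # keep only the ancestors of this node
        if coord.startswith(DATABIND):
            version, scope = coord[len(DATABIND):].split(":")[:2]
            if is_affected(version):
                hits.append((version, scope, list(stack)))
    return hits

if __name__ == "__main__":
    for version, scope, path in find_affected(SAMPLE_TREE):
        print(f"jackson-databind {version} ({scope}) via " + " -> ".join(path))
```

The returned path shows whether the affected version arrives only through a test-scoped dependency, which helps decide between updating that dependency and documenting why the module is not affected.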