Jackson Databind
Jackson Databind is a core module of the Jackson library that provides data-binding functionality for converting Java objects to JSON and vice versa.
Maven Dependency
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.15.2</version>
</dependency>
Compatibility of Jackson Databind with Java & Spring Versions
| Version | Minimum Java Version | Spring Framework Version | Spring Boot Version |
|---|---|---|---|
| 2.13.3 | 8 | 5.3.12 | 2.5.5 |
| 2.14.1 | 8 | 5.3.20 | 2.7.10 |
| 2.15.2 Latest | 8 | 5.3.27 | 2.7.13 |
- 1. Unexpected end-of-input: expected close marker for Object
- 2. com.fasterxml.jackson.databind.exc.DatabindException
1. Unexpected end-of-input: expected close marker for Object
Malformed JSON structure, such as missing quotes or brackets.
Code Snippet
import com.fasterxml.jackson.databind.ObjectMapper;
public class JacksonExample {
public static void main(String[] args) throws Exception {
String invalidJson = "{ "name": "John", "age": 30 "; // Missing closing brace
ObjectMapper mapper = new ObjectMapper();
mapper.readTree(invalidJson); // Throws exception
}
}
Stack Trace
com.fasterxml.jackson.core.JsonParseException: Unexpected end-of-input: expected close marker for Object (from [Source: (String)"{"key": "value""; line: 1, column: 1])
at [Source: (String)"{"key": "value""; line: 1, column: 17]
2. com.fasterxml.jackson.databind.exc.DatabindException
General-purpose exception wrapping other issues during serialization/deserialization
Code Snippet
import com.fasterxml.jackson.databind.ObjectMapper;
public class JacksonExample {
static class CircularReference {
public CircularReference ref;
public CircularReference(CircularReference ref) {
this.ref = ref;
}
}
public static void main(String[] args) throws Exception {
CircularReference obj = new CircularReference(null);
obj.ref = obj; // Circular reference
ObjectMapper mapper = new ObjectMapper();
mapper.writeValueAsString(obj); // Throws exception
}
}
Stack Trace
com.fasterxml.jackson.databind.exc.DatabindException: Direct self-reference leading to cycle
Vulnerabilities:
| ID | Description | Fixed in Version |
|---|---|---|
| CVE-2023-35116 | Denial of Service (DoS) when processing deeply nested JSON structures. | 2.15.2 |
| CVE-2022-42003 | Remote code execution vulnerability in certain deserialization scenarios. | 2.14.1 |
Popular Dependencies Using This:
- Spring Boot Starter Web
- Apache Camel
- Hibernate Validator
Manifest Info
Manifest-Version: 1.0 Built-By: FasterXML Specification-Title: jackson-databind Specification-Version: 2.15.2