jackson-databind is reported by our internal Black Duck security scan for Introscope Enterprise Manager 10.8.
Details:
CVE :BDSA-2023-149
And
"An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input."