The remote Debian host is missing a security-related update.
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.
Upgrade the jackson-databind packages. For the oldstable distribution (jessie), these problems have been fixed in version 2.4.2-2+deb8u3. For the stable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u3.