Description
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis.
jackson-databind: improper polymorphic deserialization of types from Jodd-db library.
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver.
jackson-databind: arbitrary code execution in slf4j-ext class.
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes.
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class.
jackson-databind: improper polymorphic deserialization in openjpa class.
jackson-databind: improper polymorphic deserialization in jboss-common-core class.
jackson-databind: exfiltration/XXE in some JDK classes.
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class.