Description
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis.
jackson-databind: improper polymorphic deserialization of types from Jodd-db library.
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver.
undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer.
jackson-databind: exfiltration/XXE in some JDK classes.
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class.
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users.
wildfly: wrong SecurityIdentity for EE concurrency threads that are reused.